Logical Time in Distributed Computing Systems
Computer - Distributed computing systems: separate resources acting as one
Time, clocks, and the ordering of events in a distributed system
Communications of the ACM
Timestamp evidence correlation by model based clock hypothesis testing
Proceedings of the 1st international conference on Forensic applications and techniques in telecommunications, information, and multimedia and workshop
Digital Investigation: The International Journal of Digital Forensics & Incident Response
A correlation method for establishing provenance of timestamps in digital evidence
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Time and date issues in forensic computing-a case study
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Hi-index | 0.00 |
The construction of timelines of computer activity is a part of many digital investigations. These timelines of events are composed of traces of historical activity drawn from system logs and potentially from evidence of events found in the computer file system. A potential problem with the use of such information is that some of it may be inconsistent and contradictory thus compromising its value. This work introduces a software tool (CAT Detect) for the detection of inconsistency within timelines of computer activity. We examine the impact of deliberate tampering through experiments conducted with our prototype software tool. Based on the results of these experiments, we discuss techniques which can be employed to deal with such temporal inconsistencies.