Breaking Time: Methods, Artifacts, and Forensic Detection of Timestomping on FAT32, Ext3, and Ext4 File Systems
Hiding malicious files is imperative to breach a computer system successfully. To conceal malicious files among legitimate ones and complicate forensic investigations, adversaries often employ timestomping, which is the manipulation of file timestamps, as a defense evasion technique.This paper...
