Skip to Main Content
Skip Nav Destination
ASME Press Select Proceedings
International Conference on Computer and Automation Engineering, 4th (ICCAE 2012)
Jianhong Zhou
Jianhong Zhou
Search for other works by this author on:
No. of Pages:
ASME Press
Publication date:

The National Institute of Standards and Technology [1] lists the importance of preservation of file time stamps for forensic and intrusion detection purposes. Most operating systems keep track of certain timestamps related to files, the most commonly used timestamps being modification, access, and creation (M-A-C) times, which does not guarantee to be accurate from a forensic perspective. Moreover, UNIX based Operating systems retain the last modification, last inode change, and last access times. This relates to the fact that operating systems only have the most recently updated file timestamp information, which along with any inaccuracies does not guarantee a successful recreation of timeline of events, for an effective incident response. This paper proposes a novel approach in terms of augmenting the core of pathname lookup operation in the LINUX kernel, towards accurate and authentic preservation of file time stamps of system wide critical files.

Key Words
1 Introduction
2. Related Works and Motivation
3. Proposed Work: Design & Implementation
4. Testing
5. Conclusion
This content is only available via PDF.
You do not currently have access to this chapter.
Close Modal

or Create an Account

Close Modal
Close Modal