| Author(s) | Eugene Antsilevich |
| TR-Number | JMU-INFOSEC-TR-2009-002 |
| Abstract |
In this paper we present a survey we conducted of popular operating systems and software packages to determine what time precision and rounding behavior is used for timestamps stored on those systems. The results of this survey are presented with emphasis on timestamp sources that can be utilized by computer forensic investigators to order and correlate events.
Furthermore, we introduce and describe a new Timestamp module for the Zeitline forensic timeline editor. This module allows a user to handle timestamps as ÒfuzzyÓ time ranges, where precision and rounding method can be controlled for each timestamp source. This extension is based on a computer clock model introduced by Buchholz. |
| Sponsor | Prof. Florian Buchholz |
| Contact | e-mail techreports@cs.jmu.edu |