SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsIn the digital forensic industry, evidence concerning date and time is a fundamental part of many investigations. As one of the most commonly used anti-forensic approaches, system backdating has appeared in more and more investigations. Since the system clock can be set back manually, it is important for investigators to identify the reliability of date and time so as to make further decision. However, there is no simple way to tell whether the system clock has been backdated or tampered especially when it was subsequently reset to the correct time. There are a variety of artifacts to detect the behavior of backdating the system clock. If the investigator needs to prove the hypothesis that 'the system clock has not been backdated', he or she must examine multiple artifacts for corroboration.