Cyber
Anti-Forensics: Timestomping Overview
June 13, 2022
by Andrew Rathbun
Sophisticated Anti-Forensic Tactics and How To Spot Them
Investigative research into anti-forensics tactics Kroll experts have observed in ongoing incident response investigations.
Based on Kroll’s experience through thousands of incident response engagements, our experts have observed an uptick in the usage of anti-forensics tactics, techniques and procedures (TTPs) to circumvent internal security teams and their detection solutions. Anti-forensics are often used by adversaries to hide their activity either by the concealment, manipulation or deletion of their movement within a victim’s system or network infrastructure. These techniques can be difficult to spot for cybersecurity analysts without proper training and experience in detection, as anti-forensic TTPs tend to require more vigilance to spot them during an incident response investigation.
This series focuses on the many variants of anti-forensic tradecraft commonly used by threat actors including detecting timestomping, clearing event logs, alternate data streams (ADS) and disabling antivirus. Our experts dive into what each of the anti-forensics TTPs mean and explain the level of impact each can cause for a cybersecurity analyst during an investigation.
Timestomping
Article List
Cyber
Timestomping a File with NewFileTime
June 13, 2022
by Andrew Rathbun
Cyber
Detecting and Analyzing Timestomping Using KAPE and Timeline Explorer - $MFT
June 13, 2022
by Andrew Rathbun
Cyber
Identifying Indicators of Timestomping with .LNK Files
June 13, 2022
by Andrew Rathbun
Connect with Us
Jason N. Smolanoff
Senior Advisor
Cyber Risk
Los Angeles
Benedetto Demonte
Chief Operating Officer, Cyber Risk
New York
Paul Jackson
Regional Managing Director, Asia-Pacific
Cyber Risk
Hong Kong
Devon Ackerman
Global Head of Incident Response
Cyber Risk
New York
Frank Marano
Associate Managing Director
Cyber Risk
Secaucus
Andrew Rathbun
Vice President
Cyber Risk
Secaucus
Cyber Risk
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Kroll Artifact Parser And Extractor (KAPE)
Find, collect and process forensically useful artifacts in minutes.
Computer Forensics
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
24x7 Incident Response
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Data Recovery and Forensic Analysis
Kroll's expertise establishes whether data was compromised and to what extent. We uncover actionable information, leaving you better prepared to manage a future incident.
Data Collection and Preservation
Improve investigations and reduce your potential for litigation and fines with the strict chain-of-custody protocol our experts follow at every stage of the data collection process.
Incident Remediation and Recovery Services
Cyber incident remediation and recovery services are part of Kroll’s Complete Response capabilities, expediting system recovery and minimizing business disruption.
Events
Article List
Cyber
State of Cyber Defense: Healthcare Edition
April 24, 2024|Online
A deep dive into the latest threats and vulnerabilities facing the health care sector along with gaps in detection and response impacting improvement efforts.
Cyber
Kroll at RSA Conference 2024
May 6 - 9, 2024|Conference
Join Kroll experts at the RSA Conference in San Francisco May 6-9, 2024. Stop by booth 2239 in the South Expo Hall to meet our team.
Threat Intelligence
Q1 2024 Cyber Threat Landscape Virtual Briefing
May 29, 2024|Online
Join the Q1 2024 Cyber Threat Landscape Virtual Briefing as Kroll’s cyber threat analysts outline notable trends and insights from our incident response intelligence.
Kroll is headquartered in New York with offices around the world.
55 East 52nd Street 17 Fl
New York NY 10055
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2024 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.