Gyu-Sang Cho

Learn More
In this paper, we present a computer forensic method for detecting timestamp forgeries in the Windows NTFS file system. It is difficult to know precisely that the timestamps have been changed by only examining the timestamps of the file itself. If we can find the past timestamps before any changes to the file are made, this can act as evidence of file time(More)
Dubins showed that any shortest path of a car-like robot consists of exactly three path segment which are either arcs of circles of radius r(denoted C), or straight line segments(denoted S). Possible six types classified into two families, i.e. CSC and CCC. CSC includes 2 types(LRL and RLR) and CSC includes 4 types(LSL, RSR, LSR, RSL). This paper proposes(More)
  • Gyu-Sang Cho
  • 2015 9th International Conference on Innovative…
  • 2015
This work provides a forensic analysis method for a directory index in NTFS file system. NTFS employed B-tree indexing for providing efficient storage of many files and fast lookups, which changes in a structure of the directory index when files are operated. As a forensic view point, we observe behaviors of the B-tree to analyze files that once existed in(More)
This research is about a development of software tool for hiding message in a directory index in Windows NTFS file system. A method of hiding message in directory index slack space is a newly proposed technique. A B-tree is adopted to manage file indexes in a directory in NTFS. Operating characteristics of the B-tree is utilized for hiding message in the(More)
This proposes an intuitive computer forensic method by timestamp changing patterns of operations on file in Windows NTFS file system. It categorized by seven file operations and has ten distinguishable patterns by their timestamp changes. The distinct timestamp changing patterns make decision on identifying what kind of file operation is performed. Some(More)
  • 1