Journal Radioengineering №1 for 2022
Article in issue:
Multivariate analysis of timestamps of file objects using special software
Type of article: scientific article
DOI: https://doi.org/10.18127/j00338486-202201-11
UDC: 004.056.57

E.I. Dukhan, N.S. Knyazeva, A.N. Averkiev, O.V. Gorbunova


Statement of the problem. Working with computer incidents requires restoring the sequence of user actions by examining the metadata of file objects, primarily timestamps. Practice shows that the relationships between timestamps can be used to determine file operations. To date, specialists have accumulated a body of knowledge about the cause-and-effect relationships between operations and changes in file timestamps, but this knowledge is not formalized. There are no scientifically substantiated methods and algorithms for analyzing timestamps, so the analysis requires a highly qualified specialist.

Goal. The purpose of this article is to develop software for automating the process of restoring file operations by timestamps.

Results. The result of the research is a model, based on finite automaton theory, that describes the patterns by which timestamps change. A technique for restoring the sequence of operations is proposed. A program has been developed to automate the recovery technique.

Practical significance. The results obtained can be used to restore the sequence of actions on file objects based on their timestamps.

Pages: 66-72
For citation

Dukhan E.I., Knyazeva N.S., Averkiev A.N., Gorbunova O.V. Multivariate analysis of timestamps of file objects using special software. Radiotekhnika. 2022. V. 86. № 1. P. 66−72. DOI: https://doi.org/10.18127/j00338486-202201-11 (In Russian)

Date of receipt: 17.11.2021
Approved after review: 25.11.2021
Accepted for publication: 14.12.2021