Timestomping is a cybersecurity term that refers to the malicious act of altering timestamps with the intent of misleading analysts and incident responders.
Timestomping is an anti-analysis/anti-forensics technique.
Links to this note
- tsunamiddosmalwaressh2023
- incidentresponse-luttgens2014
- tricephalichellkeeper-pourcelot2022
- anatomyofreallinuxintrusion-alonso2016
- sshbackdors-dumont2018
- timestomping using futimens()
- timestomping using Python
- timestomping using the touch command
- timestomping using utime()
- timestomping using utimensat()