timestomping

0001-01-01

Timestomping is a cybersecurity term that refers to the malicious act of altering timestamps with the intent of misleading analysts and incident responders.

Timestomping is an anti-analysis/anti-forensics techique.

Links to this note

anatomyofreallinuxintrusion-alonso2016
incidentresponse-luttgens2014
sshbackdors-dumont2018
timestomping using futimens()
timestomping using Python
timestomping using the touch command
timestomping using utime()
timestomping using utimensat()
tricephalichellkeeper-pourcelot2022

timestomping

0001-01-01

Links to this note

Recent Posts

Linux Hardening: SSH

2025-03-06 DFIR SSH hardening linux hardening SSH PAM

Linux Anti-Forensics: Timestomping

2025-03-05 DFIR linux anti-forensics

Finding Bad with Linux Package Managers

2025-03-03 DFIR linux persistence

Linux Persistence: Startup Scripts

2024-11-10 DFIR CTF linux persistence systemd SysV init startup script

Linux Persistence: Cron

2024-11-10 DFIR CTF linux persistence cron