Anti-Forensics
Account Misuse
Clear Browser Artifacts
Clear Email Artifacts
Code Contribution Obfuscation and Misrepresentation
Decrease Privileges
Delayed Execution Triggers
Delete User Account
Deletion of Volume Shadow Copy
Disk Wiping
File Deletion
File Encryption
Hide Artifacts
Hiding or Destroying Command History
Log Deletion
Log Modification
Message Deletion
Modify Windows Registry
Network Obfuscation
Physical Destruction of Storage Media
Physical Removal of Disk Storage
Stalling
Steganography
System Shutdown
System Time Modification
Timestomping
Tripwires
Uninstalling Software
Virtualization
- ID: AF032.002
- Created: 04th May 2026
- Updated: 04th May 2026
- Platform: Linux
- Contributor: The ITM Team
Linux System Time Modification
A subject modifies the Linux system time, time zone, hardware clock, or time synchronization configuration to obscure the chronology of activity relevant to an insider threat investigation. This behavior may affect timestamps associated with file creation, file modification, authentication records, shell history, service execution, package activity, scheduled jobs, and other host-based artifacts used to reconstruct subject activity.
On Linux systems, this behavior may involve commands or utilities such as timedatectl, date, hwclock, or changes to time synchronization services such as NTP, Chrony, or systemd-timesyncd.