Insider Threat Matrix™
  • ID: DT013
  • Created: 30th May 2024
  • Updated: 30th May 2024
  • Platform: Windows
  • Contributor: The ITM Team

NTFS Timestamp Discrepancy

NTFS timestamps have a precision of 100 nanoseconds. Files with timestamps such as 2023-10-10 10:10:00.000:0000, where the sub-second portion is all zeros, are therefore considered highly unlikely.

This may represent an anti-forensics technique where the subject has conducted timestomping to hide new files or obscure changes made to existing files.
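
One way to apply this check to exported file metadata, as an added example that is not part of the original ITM entry. It assumes timestamps are available as raw FILETIME integers (100 ns ticks since 1601-01-01 UTC); the record layout, paths and helper names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# FILETIME counts 100 ns ticks since 1601-01-01 00:00:00 UTC.
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000


def to_filetime(dt, extra_ticks=0):
    """Build a FILETIME from an aware datetime plus 0-9 leftover 100 ns ticks."""
    delta = dt - EPOCH
    whole_seconds = delta.days * 86_400 + delta.seconds
    return whole_seconds * TICKS_PER_SECOND + delta.microseconds * 10 + extra_ticks


def format_filetime(ft):
    """Render a FILETIME keeping all seven sub-second digits."""
    seconds, ticks = divmod(ft, TICKS_PER_SECOND)
    return f"{EPOCH + timedelta(seconds=seconds):%Y-%m-%d %H:%M:%S}.{ticks:07d}"


def find_discrepancies(records):
    """Return {path: {field: timestamp}} for fields with a zero sub-second part."""
    findings = {}
    for path, times in records.items():
        zeroed = {name: format_filetime(ft) for name, ft in times.items()
                  if ft % TICKS_PER_SECOND == 0}
        if zeroed:
            findings[path] = zeroed
    return findings


def utc(*args):
    """Shorthand for a timezone-aware UTC datetime."""
    return datetime(*args, tzinfo=timezone.utc)


# Constructed sample records; paths and values are hypothetical.
SAMPLE = {
    r"C:\Users\example\notes.txt": {
        "created": to_filetime(utc(2023, 10, 9, 8, 15, 42, 318_204), 7),
        "modified": to_filetime(utc(2023, 10, 9, 9, 1, 3, 77_561), 2)},
    r"C:\Users\example\tool.exe": {
        "created": to_filetime(utc(2023, 10, 10, 10, 10, 0)),
        "modified": to_filetime(utc(2023, 10, 10, 10, 10, 0))},
    r"C:\Users\example\export.csv": {
        "created": to_filetime(utc(2023, 10, 11, 14, 2, 9, 500_000)),
        "modified": to_filetime(utc(2023, 10, 11, 14, 30, 0))},
}

if __name__ == "__main__":
    for path, fields in find_discrepancies(SAMPLE).items():
        print(path, fields)
```

Whole-second values can also come from benign sources such as archive extraction or copies from file systems with coarser timestamp resolution, so a hit is a lead for review rather than proof of timestomping.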