Malware, ransomware, virus. Every piece of malicious software tries to remain hidden and hides itself until it strikes. The presentation 'Timestomping – Manipulation of Timestamps' deals with a special technique from the field of anti-forensics used to blur traces or manipulate evidence. The time of creation or modification of a file is often crucial for analysis, as it helps determine who, when, and what was manipulated on the system. I explain how timestamps can be forged, the challenges for IT forensics, and what types of timestamps exist in the file system, when they are written or changed, how they can be manipulated, and whether such manipulations can be detected. The g ...