Attackers sometimes change file timestamps to evade detection. Which concept addresses this risk through time synchronization?


Multiple Choice


Explanation:
Timestomping tries to hide activity by altering when files were created or modified, which disrupts the correlation of events across systems. The best defense is time synchronization: make all machines reference the same trusted time source so their clocks stay in sync. Centralized, authenticated NTP provides a trustworthy ground truth for timestamps, ensuring logs and file metadata align across hosts. The authentication aspect is key because it prevents an attacker from substituting a bogus time source and skewing clocks. With synchronized, trusted clocks, security teams can reliably sequence events, cross-correlate data from different systems, and spot anomalies more accurately. Other options touch on discovery or unrelated concepts and don’t directly mitigate timestomping through clock trust.

