Security Basics mailing list archives
RE: Checking when the OS was first installed
From: "Andrew Aris" <andrew () dev bigfishinternet co uk>
Date: Tue, 24 May 2005 17:00:16 +0100
From a cmd prompt rum "systeminfo" and it will display the orignal OS
install date. Not sure how easy this information is to tamper with if that is a worry. There is also a registry key in HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Although this is a DWORD so its not exactly human-friendly! cheers, Andrew
-----Original Message----- From: ricci [mailto:ricci () cs ust hk] Sent: 24 May 2005 01:08 To: security-basics () securityfocus com Subject: Checking when the OS was first installed Hello All, I was given a Windows XP Pro bootup hard disk for verification of its first installation date. What information I can verify when the hard disk was first installed? Secondly, if the OS was cloned and reproduced from another source, how can I verify that? Other than Norton Ghost, what other tools could be used for duplicating the hard disk? Besides, if I got a hard disk how can I verify what software (for cloning) it has been used? In a Windows XP platform, what is the use of Windows XP RestorePoint? What information I can collect from the RestorePoint? Is that related to backup information? Thanks. Ricci
Current thread:
- SecurityFocus beta site redesign - feedback requested Kelly Martin (May 20)
- Checking when the OS was first installed ricci (May 24)
- RE: Checking when the OS was first installed Andrew Aris (May 26)
- RE: Checking when the OS was first installed Nobody Special (May 26)
- RE: Checking when the OS was first installed Ryan Kubiak (May 26)
- Re: Checking when the OS was first installed Greg Stiavetti (May 26)
- RE: Checking when the OS was first installed Andrew Aris (May 26)
- Checking when the OS was first installed ricci (May 24)