PaulDotCom mailing list archives

How much do timestamps matter?


From: irongeek at irongeek.com (Adrian Crenshaw)
Date: Tue, 11 Aug 2009 19:44:05 -0400

As the subject states, how much do file time stamps matter to a forensics
case? If someone finds my collection of "Nazi albino midget Eskimo" porn,
does it really matter what the date is? I see timestomp (let me know if there
are better tools) lets you change the MACE times of a file in Windows to
whatever you want, but if you use the -r option to set the time stamp to the
17th century that's obviously bogus, and setting it far in the future is
little good either as far as I can tell. Having a scheduled job of some kind
that sets the times a few days later than the current time may be useful, so
that when the box is acquired time stamps show files that have changed since
the seizure. In a court case, how important are time stamps? Anyone really
do this for a living that can give me insight?

Thanks,
Adrian