PaulDotCom mailing list archives

How much do timestamps matter?

From: dimitrios at gmail.com (Dimitrios Kapsalis)
Date: Tue, 11 Aug 2009 22:26:36 -0500

I think some of the info in the file system journal helps when people  
try to alter timestamps

Sent from my iPhone

On Aug 11, 2009, at 20:26, Grymoire <pauldotcom at grymoire.com> wrote:

As the subject states, how much do file time stamp matter to a  
forensics
case? If some one finds my collection of "Nazi albino midget  
Eskimo" porn,
does it really mater what the date is?


I'm not a forensic expert, but as I understand it,
Timestamps help paint an accurate recreation of events.

An expert describes a series of events, such as entries in the log
file, access times, modifications times, etc, registry entries, etc.

Some experts say that you can usually re-create an event even if
someone tries to hide their traces (i,e, modify timestamps). I think a
lot depends on the OS and logging capability.


And if the log is stored on a centralized log server, hiding traces  
are
more difficult.


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

How much do timestamps matter? Grymoire (Aug 11)
- How much do timestamps matter? Dimitrios Kapsalis (Aug 11)
- How much do timestamps matter? Jim Halfpenny (Aug 12)
  - How much do timestamps matter? David Kovar (Aug 12)
    - How much do timestamps matter? Nicholas B. (Aug 12)
    - How much do timestamps matter? Joel Folkerts (Aug 13)
    - How much do timestamps matter? Ken Pryor (Aug 13)
    - How much do timestamps matter? Adrian Crenshaw (Aug 14)
    - How much do timestamps matter? Chris Merkel (Aug 14)