Security Basics mailing list archives
Re: Checking when the OS was first installed
From: Times Enemy <times () krr org>
Date: Wed, 01 Jun 2005 01:00:25 -0700
Greetings. Not sure why, but I am assuming the OS is a Microsoft OS. I would have to agree that the creation date for the %systemroot% directory should indicate when the OS was installed. This may not work if the OS was upgraded significantly.
Some generic folders to check the creation date:

    c:\%systemroot%
    c:\%systemroot%\Config
    c:\%systemroot%\Fonts
    c:\%systemroot%\repair
    c:\%systemroot%\system
    c:\%systemroot%\system32
    c:\program files
    c:\program files\common files
    c:\documents and settings\default user

Some files to check the creation date:

    c:\io.sys
    c:\msdos.sys
    c:\pagefile.sys
    c:\windows\setuplog.txt
    c:\windows\winnt.bmp
    c:\windows\winnt256.bmp
    c:\windows\security\logs\backup.log
        # may have date inside as well as creation date
        # the 'c:\windows\security\logs' subdirectory may have several files of worth regarding install date
        # the same goes for file creation dates within 'c:\windows\system32\config'
    c:\windows\comsetup.log
    c:\windows\debug\netsetup.log
    et cetera.

This is not 100%, but it should work most of the time.

From a command prompt, XP Pro:

    dir /tc <filename>
    EXAMPLE: dir /tc c:\autoexec.bat

This controls which time field displayed or used for sorting, per 'dir /?'.

For hidden files:

    dir /ah /tc <filename>
    EXAMPLE: dir /ah /tc c:\io.sys

OR right-click file/folder, left-click properties.

If you do enough of these, you should be able to determine the installation date. There may be some simple command, registry entry, or the likes that keeps this information, specifically, and solely, but I do not know of it at this time.
FWIW, why do you care when the OS was installed?

.times enemy

Ansgar -59cobalt- Wiechers wrote:
> On 2005-05-29 Lubrano di Ciccone, Christophe (DEF) wrote:
>> The date of the boot.ini file or the winnt folder (%systemroot%) may help you.
>
> Maybe, but since it's the configuration file for the bootloader, it is prone to changes, so this seems very unreliable to me.
>
> Regards
> Ansgar Wiechers
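
The manual check described in the message above, as an added PowerShell example that is not part of the original post: it reads the creation time of the folders and files the message names and counts how many share the same day. The use of PowerShell and of the `SystemRoot` and `SystemDrive` environment variables in place of `c:\windows` and `c:` are assumptions of this example.

```powershell
# Added example: collect creation times for the paths listed in the message
# and report which calendar day most of them agree on.
$sysRoot  = $env:SystemRoot    # assumption: stands in for c:\windows
$sysDrive = $env:SystemDrive   # assumption: stands in for c:

$paths = @(
    $sysRoot
    "$sysRoot\Config"
    "$sysRoot\Fonts"
    "$sysRoot\repair"
    "$sysRoot\system"
    "$sysRoot\system32"
    "$sysRoot\system32\config"
    "$sysRoot\setuplog.txt"
    "$sysRoot\comsetup.log"
    "$sysRoot\debug\netsetup.log"
    "$sysRoot\security\logs\backup.log"
    "$sysDrive\io.sys"
    "$sysDrive\msdos.sys"
    "$sysDrive\pagefile.sys"
    "$sysDrive\Program Files"
    "$sysDrive\Program Files\Common Files"
)

# -Force includes hidden and system items (the 'dir /ah' case);
# paths that do not exist on this system are skipped silently.
$found = foreach ($p in $paths) {
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($item) {
        [pscustomobject]@{
            Path    = $item.FullName
            Created = $item.CreationTime
            Day     = $item.CreationTime.ToString('yyyy-MM-dd')
        }
    }
}

# Every timestamp that was found, oldest first.
$found | Sort-Object Created | Format-Table Path, Created -AutoSize

# The days that the most paths share; the top entry is the likely install date.
$found | Group-Object Day | Sort-Object Count -Descending |
    Select-Object -First 3 Name, Count | Format-Table -AutoSize
```

A day shared by most of the entries is the best candidate; entries that differ show where a single file's date would have misled, which is why the message suggests checking several.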