PaulDotCom mailing list archives
How much do timestamps matter?
From: pauldotcom at grymoire.com (Grymoire)
Date: Tue, 11 Aug 2009 21:26:39 -0400
As the subject states, how much do file time stamp matter to a forensics case? If some one finds my collection of "Nazi albino midget Eskimo" porn, does it really mater what the date is?
I'm not a forensic expert, but as I understand it, Timestamps help paint an accurate recreation of events. An expert describes a series of events, such as entries in the log file, access times, modifications times, etc, registry entries, etc. Some experts say that you can usually re-create an event even if someone tries to hide their traces (i,e, modify timestamps). I think a lot depends on the OS and logging capability. And if the log is stored on a centralized log server, hiding traces are more difficult.
Current thread:
- How much do timestamps matter? Grymoire (Aug 11)
- How much do timestamps matter? Dimitrios Kapsalis (Aug 11)
- How much do timestamps matter? Jim Halfpenny (Aug 12)
- How much do timestamps matter? David Kovar (Aug 12)
- How much do timestamps matter? Nicholas B. (Aug 12)
- How much do timestamps matter? Joel Folkerts (Aug 13)
- How much do timestamps matter? Ken Pryor (Aug 13)
- How much do timestamps matter? Adrian Crenshaw (Aug 14)
- How much do timestamps matter? Chris Merkel (Aug 14)
- How much do timestamps matter? David Kovar (Aug 12)