How much do timestamps matter?

[jim.halfpenny at gmail.com (Jim Halfpenny)]

Timestamps may matter a lot if you refute your role in download such
niche bedtime reading. The old, "A virus must have downloaded it,"
might have less credibillity if timestamps show the files to have been
created over a considerable period of time.

Remember that evidence in isolation may seem meaningless. If for
example you have coroborating evidence from browser history, logs or
ISP records timestamps might provide strong evidence.

Jim

On 12/08/2009, Grymoire <pauldotcom at grymoire.com> wrote:
> > As the subject states, how much do file time stamp matter to a forensics
> > case? If some one finds my collection of "Nazi albino midget Eskimo" porn,
> > does it really mater what the date is?
>
> I'm not a forensic expert, but as I understand it,
> Timestamps help paint an accurate recreation of events.
>
> An expert describes a series of events, such as entries in the log
> file, access times, modifications times, etc, registry entries, etc.
>
> Some experts say that you can usually re-create an event even if
> someone tries to hide their traces (i,e, modify timestamps). I think a
> lot depends on the OS and logging capability.
>
>
> And if the log is stored on a centralized log server, hiding traces are
> more difficult.
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

-- 
Sent from my mobile device