Computer Forensics: Re: mactimes

Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Computer Forensics Computer-Forensics

[Top] [All Lists]

Re: mactimes

from [Rogan Dawes] Network Security

[Permanent Link]

Subject:	Re: mactimes
Date:	Fri, 12 Nov 2004 09:42:20 +0100

Potter, Timothy wrote:

If mactimes can easily be modified by a hacker, then would I know, and how
would mactimes be utilized in court?

I have a Microsoft Excel file on a fat12 floppy disk.
Here are the mactimes:

modified: 9/28/2004 @ 9:12AM CST
accessed: 9/29/2004 @ 4:38PM CST
created: 10/1/2004 @ 1:12 AM

So, how can the created time be later than the last modified time?? This
doesn't help in establishing a clear timeline of events.. Thanks, -Tim

I wonder if the created time is not including the timezone, or something along those lines?

Rogan
--
Rogan Dawes

*ALL* messages to discard@dawes.za.net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"

----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
mactimes, Potter, Timothy Re: mactimes, Frank Knobbe Re: mactimes, Rogan Dawes <= Re: mactimes, Valdis . Kletnieks RE: mactimes, Warren Kruse Re: mactimes - not reliable., David M. Andersen RE: mactimes - not reliable., dave kleiman RE: mactimes, Amin Lalji Re: mactimes, Marius Huse Jacobsen RE: mactimes, Bénoni MARTIN Re: mactimes, Jason Coombs Re: mactimes, Matthew Farrenkopf Re: mactimes (ctime on unix is not creation but change time), Martin Mačok

Previous by Date:	Re: mactimes, Frankie Li
Next by Date:	Re: MD5 Collisions and Evidence Integrity, Gavin Reid
Previous by Thread:	Re: mactimes, Frank Knobbe
Next by Thread:	Re: mactimes, Valdis . Kletnieks
Indexes:	[Date] [Thread] [Top] [All Lists]