Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: mactimes

from [Amin Lalji] Network Security [Permanent Link]
Subject: RE: mactimes
Date: Fri, 12 Nov 2004 09:44:21 -0500 
Hi Timothy,

It is quite possible if the file was originally created on another machine
whose time/date was "after" the machine the file was modified on ... the
fact that the file is on a floppy does lend some credence to the possibility
of this type of scenario... another mitigating factor is that of the
timezones... the dates are relatively close... CST is GMT -5/6 so that would
put the created date (depending on the Timezone setting the file was created
with) somewhere on 9/30/2004 closer to 6-7pm ... hard to tell unless you
know the timezone the create date references...

HTH

/A

-----Original Message-----
From: Potter, Timothy [mailto:Timothy.F.Potter@pjc.com] 
Sent: November 10, 2004 11:30 AM
To: forensics@securityfocus.com
Subject: mactimes

If mactimes can easily be modified by a hacker, then would I know, and how
would mactimes be utilized in court?

I have a Microsoft Excel file on a fat12 floppy disk.
Here are the mactimes:

modified: 9/28/2004 @ 9:12AM CST
accessed: 9/29/2004 @ 4:38PM CST
created: 10/1/2004 @ 1:12 AM

So, how can the created time be later than the last modified time?? This
doesn't help in establishing a clear timeline of events.. Thanks, -Tim



Guides for the journey. Piper Jaffray & Co. Since 1895. Member SIPC and
NYSE.
Learn more at piperjaffray.com. Piper Jaffray corporate headquarters is
located at 800 Nicollet Mall, Minneapolis, MN 55402

Piper Jaffray outgoing and incoming e-mail is electronically archived and
recorded and is subject to review, monitoring and/or disclosure to someone
other than the recipient. This e-mail may be considered an advertisement or
solicitation for purposes of regulation of commercial electronic mail
messages. If you do not wish to receive  commercial e-mail communications
from Piper Jaffray, click here to request to unsubscribe.
mailto:can-spam@pjc.com


For additional disclosure information see
http://www.piperjaffray.com/info2.aspx?id=298


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: mactimes - not reliable., David M. Andersen
Next by Date:  RE: MD5 Collisions and Evidence Integrity, dave kleiman
Previous by Thread:  RE: mactimes - not reliable., dave kleiman
Next by Thread:  Re: mactimes, Marius Huse Jacobsen
Indexes:  [Date] [Thread] [Top] [All Lists]