I'm failing to see the point of this response. > A Win32 port of the Unix touch utility is available > at > http://unxutils.sourceforge.net/. This port is a > native Win32 > application and does not require Cygwin or a perl > interpreter. My original post never said, "Hey look at this new thing I've done." In fact, I am fully aware that it isn't new at all. The Perl script that I wrote was intended to show, programmatically, *how* this is done. The SetFileTime() API, for example, doesn't seem to require Administrator privileges. Further, the script I wrote changes all of the FILETIMES, not just last access and modification. The issue I see is that this sort of functionality could have potentially devastating effects on forensics analysis and prosecution...which is the reason I asked the questions in my original post (neither of which, by the way, was "where can I get another touch utility?"). I have spoken to a few individuals who have experience in the forensics field from the LE perspective. Fortunately, none of the ones I spoke to have seen this sort of functionality in place during an investigation. Carv __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 03:17:06 PST