Carv,

a couple of things here.

1) I have had just a couple of instances where touch or similar was used on a system. These were servers that were broken into. I can't say much more than that.

2) I don't think you'll find this too common, as your refer. to the LE response shows. For home users and most corp. users, I don't think they'll take the time to use such a tool. For a skilled person, this is where everything goes out the window. I think if you look to the environment, say finance/banking, that'll be indicative if such a tool MAY be used. Sure, anything, anywhere, anytime is possible. But, again, in most cases, I don't think you'll need to worry about this. When you have a high profile, hush hush environment, wherein there is a purposeful and driving reason to mod. file times, that is where I would start to look.

hope this helps

farmerdude

> I'm failing to see the point of this response.
>
> > A Win32 port of the Unix touch utility is available at
> > http://unxutils.sourceforge.net/. This port is a native Win32
> > application and does not require Cygwin or a perl interpreter.
>
> My original post never said, "Hey look at this new thing I've done." In fact, I am fully aware that it isn't new at all. The Perl script that I wrote was intended to show, programmatically, *how* this is done. The SetFileTime() API, for example, doesn't seem to require Administrator privileges.
>
> Further, the script I wrote changes all of the FILETIMES, not just last access and modification.
>
> The issue I see is that this sort of functionality could have potentially devastating effects on forensics analysis and prosecution...which is the reason I asked the questions in my original post (neither of which, by the way, was "where can I get another touch utility?").
>
> I have spoken to a few individuals who have experience in the forensics field from the LE perspective.
> Fortunately, none of the ones I spoke to have seen this sort of functionality in place during an investigation.
>
> Carv
>
> -----------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jan 14 2002 - 03:44:09 PST