RE: Installation date of Windows image

From: Ronald Prins (prins@fox-it.com)
Date: Mon Apr 01 2002 - 08:16:27 PST

Next message: Catfish: "Re: Installation date of Windows image"

Previous message: Bill Moylan: "Re: Key Computer Services Courses"
Next in thread: Mac Macavity: "RE: Installation date of Windows image"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In win98 you can find the schedlog.txt. If the taskscheduler is loaded
(default win98) it will write a new line in this file.



> -----Oorspronkelijk bericht-----
> Van: Mac Macavity [mailto:mac_macavityat_private]
> Verzonden: vrijdag 29 maart 2002 9:44
> Aan: forensicsat_private
> Onderwerp: RE: Installation date of Windows image
> 
> 
> Thanks Ian and Keith, the event logs are indeed a good place 
> to look in 
> NT/2000. I'm still struggling a bit with 95/98 though (as far 
> as I can see 
> bootlog.txt is created the first time after setup and is thus 
> copied over 
> along with the image without being written to again unless forced).
> 
> Kind regards,
> 
> Mac
> 
> 
> >From: Keith Tyler <ktylerat_private>
> >To: 'Mac Macavity' <mac_macavityat_private>, 
> forensicsat_private
> >Subject: RE: Installation date of Windows image
> >Date: Thu, 28 Mar 2002 12:02:46 -0500
> >
> >I don't think there would be a time stamp on anything that 
> would show you
> >when it was first booted up. However depending on the OS you 
> may be able to
> >tell when they booted up the machine and how many times. In 
> winnt you can
> >check the event viewer, provided the logs haven't been 
> overwritten yet. In
> >win95/98 it may have file called bootlog.txt in the root of c:
> >
> >
> >-Regards
> >
> >Keith
> 
> 
> _________________________________________________________________
> Join the world's largest e-mail service with MSN Hotmail. 
> http://www.hotmail.com
> 
> 
> -----------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com
> 

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Catfish: "Re: Installation date of Windows image"
Previous message: Bill Moylan: "Re: Key Computer Services Courses"
Next in thread: Mac Macavity: "RE: Installation date of Windows image"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 01 2002 - 17:08:10 PST