Folks: I'm currently conducting an investigation in relationship to alleged inappropriate Internet activity. My initial results showed some very early (in the morning) access times, so I cross validated with a few different tools. There are a few questions I have however that I'm hoping I can get some help with. The system I'm examining was used is in the same time zone as me. 1. Does it matter that I'm extracting data created in a different time of year? For example, we are currently in Daylight savings time. Some of the data I’ve extracted was created during a period that would have been Standard time. 2. Shouldn't the MAC times still be what they were at the time the data was created/accessed, or am I seeing an hour difference? 3. If I'm seeing an hour difference, why? I'm rather puzzled by all of this. I spoke with another examiner and he succeeded in confusing me more. Shouldn't the MAC times always be correct, regardless of the time zone that the forensic examiner is in? Thanks in advance... Lisa _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu May 08 2003 - 14:46:28 PDT