On Mon, 14 Jul 2003 14:18:19 BST, Andrew Sheldon <forensicsat_private> said: > @ x8B2D - "2003022815440000" > > The line at 8B2D is the creation date in the format "yyyymmddhhmm" No, that's the *PURPORTED* creation date. Keep in mind that if *YOU* care (for a forensics reason) what the creation date actually was, that a miscreant probably has an advantage if they can *lie* about said date. There's nothing stopping me from creating a CD that *SAYS*: @ x8B2D - "1973022815440000" totally ignoring the fact that CD's didn't exist in that year. Or @ x8B2D - "2004022815440000". Or any other timestamp. Remember guys - you're looking at data provided by a potential adversary. Judge its value accordingly, in accordance with the threat model.... "No, I wasn't ditching work and flying to Bermuda that day.. See? Here's the CD I burned that afternoon....." /Valdis (who saw at least 4 different ways to make the clock of an IBM S/360-65J go backwards for the sole purpose of making a late homework assignment look on time. - and that was well over 25 years ago..)
This archive was generated by hypermail 2b30 : Mon Jul 14 2003 - 13:01:47 PDT