Vladis, Indeed. I agree wholeheartedly - Thats why I said... >.... Obviously, this is keyed to the BIOS of the computer used to write the CD. Best Regards Andy *********** REPLY SEPARATOR *********** On 14/07/2003 at 14:00 Valdis.Kletnieksat_private wrote: >On Mon, 14 Jul 2003 14:18:19 BST, Andrew Sheldon <forensicsat_private> >said: > >> @ x8B2D - "2003022815440000" >> >> The line at 8B2D is the creation date in the format "yyyymmddhhmm" > >No, that's the *PURPORTED* creation date. Keep in mind that if *YOU* care >(for >a forensics reason) what the creation date actually was, that a miscreant >probably has an advantage if they can *lie* about said date. > >There's nothing stopping me from creating a CD that *SAYS*: > > @ x8B2D - "1973022815440000" > >totally ignoring the fact that CD's didn't exist in that year. > >Or @ x8B2D - "2004022815440000". Or any other timestamp. > >Remember guys - you're looking at data provided by a potential adversary. >Judge its value accordingly, in accordance with the threat model.... > >"No, I wasn't ditching work and flying to Bermuda that day.. See? Here's >the >CD I burned that afternoon....." > >/Valdis (who saw at least 4 different ways to make the clock of an IBM >S/360-65J >go backwards for the sole purpose of making a late homework assignment look >on time. - and that was well over 25 years ago..) > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.2 (GNU/Linux) >Comment: Exmh version 2.5 07/13/2001 > >iD8DBQE/Eu/ScC3lWbTT17ARAkqAAJ4sY1zjDf5DBgJQWUX0iNsoowOy5wCfZfc8 >QQMwUmUeA+4/4FGKDKorTLQ= >=sDUf >-----END PGP SIGNATURE----- ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jul 14 2003 - 13:03:13 PDT