Hi all. PC Magazine released a utility sometime back that allowed for modification of MAC times. It used to be free but I can't find it anymore. Anyone have a link or a copy? Thanks! /gary kessler At 08:59 07/13/2003 -0700, Robert Goto wrote: >A good starting point for a primer on Modified, Accessed, Create dates would >be the definitions contained in the Encase manual. > >As far as the creation date of a CDR goes one place to start would be the >volume serial number which you can see by running the 'vol' command from a >prompt. This will help if you have a suspected date range to test for. I >also remember there being a pretty extensive thread on cdfs structure on >this mailing list. > >As with just about any and all date time information though you have to >remember that computers don't really know what time it is on their own and >that all date time information depends on the system date time settings. > >Robert Goto >Senior Technical Advisor >Electronic Evidence Discovery Inc ========================================================================= Gary C. Kessler kesslergat_private Associate Professor Project Director Program Director, Digital Forensics Tech. Information Security Program Director, Computer Networking Vt. Information Technology Ctr. Champlain College Office: +1 802-865-6460 West Hall, Room 12 Fax: +1 802-865-6447 163 South Willard Street Cell: +1 802-238-8913 Burlington, VT 05401 http://digitalforensics.champlain.edu kumquatat_private http://networking.champlain.edu http://www.garykessler.net PGP Public Key: http://www.garykessler.net/kumquat_pubkey.html ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 15 2003 - 11:43:19 PDT