|
-
July 13th, 2009, 05:05 PM
#2
Just a thought.. Lot of AV's have an option of keeping original time stamp (accessed because they will access the file to scan it).. I am sure there are software's out there that let you change time stams the way you want..
I have dealt with a similar case on Vista (enterprise, shouldn’t matter though) and during my course of researching the only way a file will have a newer modified time (or uneven time stamps) is if the file is moved from different machine.
You can confirm this by checking owner / creator of the file that way at least you can see if it’s by the same user at least.
Hope this helps.. I'll put in something once i get time to look around.. on my way to home from office.. 
The reason i'm focusing on time stamps is becuase they are the weak key here.
I am sure you can access the file and edit it through live CD without the host OS knowing about it..
What if the file was changed and time stamps reverted or something..
EDIT :
Lot of software's out there to let you change the time stamp of the file to what you want
http://www.codeproject.com/KB/files/timestamp.aspx
http://www.lifespy.com/2007/windows-...le-timestamps/
*I'm, maybe off the point here; for that please forgive me.. LONG WEEKEND AT WORK :x"
Last edited by ByTeWrangler; July 13th, 2009 at 05:13 PM.
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
Similar Threads
-
By acidtone in forum Operating Systems
Replies: 5
Last Post: February 14th, 2007, 02:14 PM
-
By brokencrow in forum Microsoft Security Discussions
Replies: 31
Last Post: October 19th, 2006, 05:44 PM
-
By gore in forum Operating Systems
Replies: 12
Last Post: September 10th, 2006, 11:32 PM
-
By gore in forum Operating Systems
Replies: 20
Last Post: March 1st, 2006, 04:40 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote