February 27th, 2006, 03:51 PM
#1
Junior Member
Detecting data tampering; Win98
What do you all think of this scenario?
Let's suppose one has a laptop with a 10 gig hard drive. Let's further suppose that the OS in use is Windows 98. It becomes necessary to forensically examine the contents using the X-Ways suite of forensic tools. The file system is collated and traversed using X-Ways. When one examines the dates and times of modified files in order, one can see the general pattern of dates and times of when the system was booted up and shut down. This is because Windows 98 modifies certain files every time it starts and shuts down (see Knowledge Base articles #183603, 183887 and 184023).
Here's the oddity: Let's suppose that by judging from the traversed modified system files you see that the machine was apparently turned on 2/6/06 at 08:45 and turned off at 23:30, as those were the first and last files modified on that date. But when you check inside one of the CAB files it contains a DAT file that is dated 20 minutes after 23:30.
Does this not suggest an anomaly of some sort? How often would something like this occur? Would it necessarily be a sign of someone tampering with the system data? Or perhaps this oddity arose from a power glitch of some sort.
rogueactivex
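
The comparison described in the post, as an added example that is not part of the original post: it reads member timestamps from a cabinet's file table and flags any that fall outside the first and last file-system modification times for that day. The sample cabinet, the file names and the times are constructed, with 2/6/06 read as 6 February 2006.

```python
import struct
from datetime import datetime

def dos_datetime(d, t):
    """Decode the 16-bit MS-DOS date and time words of a CFFILE entry."""
    return datetime(1980 + (d >> 9), (d >> 5) & 0x0F, d & 0x1F,
                    t >> 11, (t >> 5) & 0x3F, (t & 0x1F) * 2)

def cab_members(blob):
    """Return [(name, timestamp)] from a cabinet's file table, without decompressing."""
    if blob[:4] != b"MSCF":
        raise ValueError("not a cabinet file")
    # CFHEADER from offset 16: coffFiles, reserved3, versions, cFolders, cFiles
    pos, _, _, _, _, count = struct.unpack_from("<IIBBHH", blob, 16)
    members = []
    for _ in range(count):
        _size, _off, _folder, d, t, _attr = struct.unpack_from("<IIHHHH", blob, pos)
        end = blob.index(b"\0", pos + 16)            # name is NUL-terminated
        members.append((blob[pos + 16:end].decode("latin-1"), dos_datetime(d, t)))
        pos = end + 1
    return members

def outside_window(fs_mtimes, members):
    """Members dated on a day with file-system activity but outside its first/last mtime."""
    flagged = []
    for name, ts in members:
        day = [m for m in fs_mtimes if m.date() == ts.date()]
        if day and not (min(day) <= ts <= max(day)):
            gap = ts - max(day) if ts > max(day) else min(day) - ts
            flagged.append((name, ts, gap))
    return flagged

def build_sample_cab(entries):
    """Constructed test input: CFHEADER plus CFFILE table only (no compressed data)."""
    table = b""
    for name, dt in entries:
        d = ((dt.year - 1980) << 9) | (dt.month << 5) | dt.day
        t = (dt.hour << 11) | (dt.minute << 5) | (dt.second // 2)
        table += struct.pack("<IIHHHH", 0, 0, 0, d, t, 0x20) + name.encode() + b"\0"
    header = struct.pack("<4sIIIIIBBHHHHH", b"MSCF", 0, 36 + len(table), 0, 36, 0,
                         3, 1, 0, len(entries), 0, 0, 0)
    return header + table

# Constructed values mirroring the scenario in the post; file names are hypothetical.
FS_MTIMES = [datetime(2006, 2, 6, 8, 45), datetime(2006, 2, 6, 14, 10),
             datetime(2006, 2, 6, 23, 30)]
SAMPLE = build_sample_cab([("example.dat", datetime(2006, 2, 6, 23, 50)),
                           ("other.dat", datetime(2006, 2, 6, 9, 0))])
if __name__ == "__main__":
    for name, ts, gap in outside_window(FS_MTIMES, cab_members(SAMPLE)):
        print(f"{name}: {ts} is {gap} outside the day's first/last modification")
```

Cabinet member timestamps are MS-DOS local times with two-second resolution, so both sides of the comparison must be expressed in the same local clock.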