[THIN] Re: OT - Win2k Forensics

I don't know when this particular attack occurred... which makes it
difficult. I am 100% sure it was more than two weeks ago. That makes it
even harder.

 

-----Original Message-----
From: Braebaum, Neil [mailto:Neil.Braebaum@xxxxxxxxxxxxxxxxx] 
Sent: Wednesday, July 30, 2003 8:27 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT - Win2k Forensics

 

Do you have backups you can check?

 

Otherwise the creation date is something you can manipulate, with either
code or a utility.

 

Neil

-----Original Message-----
From: Ryan Lambert [mailto:rlambert@xxxxxxxxxxxxxxx] 
Sent: 30 July 2003 13:24
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT - Win2k Forensics

Anyone out there with a security background able to answer this
question:

 

I'm trying to determine when a file was actually created, since the
attributes say the year 2024. The system clock has never been wrong on
this box, so I cannot see this being the case. 

 

Considering what is IN the file, I would say whoever generated these
logs used some type of access gained to change the attributes so that it
was harder to track this particular exploit back to a time.
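
Added example (not part of the original thread or written by its participants): Python that flags recorded timestamps that cannot be right, as with the year-2024 creation date, and uses backup catalogs, as suggested in the reply, to bracket when the file really appeared. The path, dates and catalog contents are constructed sample data, and the function names are this example's own.

```python
import os
from datetime import datetime

def stat_times(path):
    """(created, modified) as local datetimes. On Windows st_ctime is the
    creation time; st_birthtime is used where the platform provides it."""
    st = os.stat(path)
    born = getattr(st, "st_birthtime", st.st_ctime)
    return datetime.fromtimestamp(born), datetime.fromtimestamp(st.st_mtime)

def implausible(created, modified, now):
    """Reasons the recorded timestamps cannot be taken at face value."""
    reasons = []
    if created > now:
        reasons.append("created in the future")
    if modified > now:
        reasons.append("modified in the future")
    if created > modified:
        # Weak signal: a plain copy also gets a new creation time
        # while keeping the original modification time.
        reasons.append("created after last modification")
    return reasons

def bracket_from_backups(catalogs, path):
    """catalogs: (backup_time, set_of_paths) pairs. Returns the latest backup
    taken before the file appears and the earliest backup that contains it."""
    last_absent = first_present = None
    for when, paths in sorted(catalogs, key=lambda c: c[0]):
        if path in paths:
            first_present = when
            break
        last_absent = when
    return last_absent, first_present

# Constructed sample data (not from the thread): weekly backup catalogs.
NOW = datetime(2003, 7, 30, 8, 0)
SUSPECT = r"C:\example\suspect.log"   # placeholder path
CATALOGS = [
    (datetime(2003, 7, 20), {SUSPECT, r"C:\boot.ini"}),
    (datetime(2003, 7, 6), {r"C:\boot.ini"}),
    (datetime(2003, 7, 13), {SUSPECT, r"C:\boot.ini"}),
    (datetime(2003, 7, 27), {SUSPECT, r"C:\boot.ini"}),
]

if __name__ == "__main__":
    print(implausible(datetime(2024, 1, 1), datetime(2024, 1, 1), NOW))
    absent, present = bracket_from_backups(CATALOGS, SUSPECT)
    print("file first appeared between", absent, "and", present)
```

The bracket is only as trustworthy as the backup catalogs themselves, so read them from media that was not writable from the affected box.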

 
