[THIN] Re: OT - Win2k Forensics

The TOUCH utility could have been used to change the date/time of this file
as well.  Windows Explorer's "File Property" gives Created and Modified
dates... do you see both as 2024 ???

-----Original Message-----
From: Braebaum, Neil [mailto:Neil.Braebaum@xxxxxxxxxxxxxxxxx]
Sent: Wednesday, July 30, 2003 8:27 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT - Win2k Forensics


Do you have backups you can check?
 
Otherwise the creation date is something you can manipulate, with either
code, or utility.
 
Neil

-----Original Message-----
From: Ryan Lambert [mailto:rlambert@xxxxxxxxxxxxxxx] 
Sent: 30 July 2003 13:24
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT - Win2k Forensics



Anyone out there with a security background able to answer this question:

 

I'm trying to determine when a file was actually created, since the
attributes say the year 2024. The system clock has never been wrong on this
box, so I cannot see this being the case. 

 

Considering what is IN the file, I would say whoever generated these logs
used some type of access gained to change the attributes so that it was
harder to track back to a time to this particular exploit.

 

*********************************************** This e-mail and its
attachments are confidential and are intended for the above named recipient
only. If this has come to you in error, please notify the sender immediately
and delete this e-mail from your system. You must take no action based on
this, nor must you copy or disclose it or any part of its contents to any
person or organisation. Statements and opinions contained in this email may
not necessarily represent those of Littlewoods. Please note that e-mail
communications may be monitored. The registered office of Littlewoods
Limited and its subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.
Registered number of Littlewoods Limited is 262152.
************************************************

Other related posts: