[THIN] Re: OT - Win2k Forensics
- From: "Braebaum, Neil" <Neil.Braebaum@xxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 30 Jul 2003 13:26:55 +0100
Do you have backups you can check?
Otherwise the creation date is something you can manipulate, with either
code, or utility.
Neil
-----Original Message-----
From: Ryan Lambert [mailto:rlambert@xxxxxxxxxxxxxxx]
Sent: 30 July 2003 13:24
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT - Win2k Forensics
Anyone out there with a security background able to answer this
question:
I'm trying to determine when a file was actually created, since
the attributes say the year 2024. The system clock has never been wrong
on this box, so I cannot see this being the case.
Considering what is IN the file, I would say whoever generated
these logs used some type of access gained to change the attributes so
that it was harder to track back to a time to this particular exploit.
***********************************************
This e-mail and its attachments are confidential
and are intended for the above named recipient
only. If this has come to you in error, please
notify the sender immediately and delete this
e-mail from your system.
You must take no action based on this, nor must
you copy or disclose it or any part of its contents
to any person or organisation.
Statements and opinions contained in this email may
not necessarily represent those of Littlewoods.
Please note that e-mail communications may be monitored.
The registered office of Littlewoods Limited and its
subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.
Registered number of Littlewoods Limited is 262152.
************************************************
Other related posts:
