>As the subject states, how much do file time stamps matter to a forensics
>case? If someone finds my collection of "Nazi albino midget Eskimo" porn,
>does it really matter what the date is?

I'm not a forensic expert, but as I understand it, timestamps help paint an accurate recreation of events. An expert describes a series of events, such as entries in the log file, access times, modification times, etc., registry entries, etc. Some experts say that you can usually re-create an event even if someone tries to hide their traces (i.e., modify timestamps). I think a lot depends on the OS and logging capability. And if the log is stored on a centralized log server, hiding traces is more difficult.

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
