Forums
Main Category
General (Technical,...
File creation date ...
 
Notifications
Clear all

File creation date - Windows XP

 
Page 2 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by Chisco77 12 years ago
13 Posts
4 Users
0 Reactions
10.1 K Views
RSS
 Chisco77
(@chisco77)
Active Member
Joined: 12 years ago
Posts: 7
Topic starter 26/02/2013 3:02 am  

Tucker,

you are very kind. This is really fascinating. I'm new at foresncis, but I know I'm goint to learn a lot in this case. At this very moment, I'm creating a virtual machine of the raw image of the computer I'm investigating. I'll try some tools to examine the registry, hives and artifacts.

Thanks a lot for your help!


   
ReplyQuote
 Rampage
(@rampage)
Reputable Member
Joined: 17 years ago
Posts: 354
26/02/2013 3:40 pm  

as far as i know in windows OSes, and on NTFS filesystems when you COPY a file, a new timestamp is defined for the creation date of the target file, while the last modified date is inherited by the source file.
So it's not uncommon on windows formatted hard drive (especially those used for storage purposes) to see file where the creation date is later then the last modify date.
from this you can also infer that the file you are analyzing is most likely a copy of a file which was existing elsewhere and which wasn't edited after the copy process

correct me if i'm wrong.


   
ReplyQuote
 Chisco77
(@chisco77)
Active Member
Joined: 12 years ago
Posts: 7
Topic starter 26/02/2013 3:54 pm  

Rampage,

what you say seems to be the most likely scenario.


   
ReplyQuote
Page 2 / 2
Forum Jump:
  Previous Topic
Next Topic  

Currently viewing this topic 1 guest.

Share: