Index.dat timestamps

General (Technical, Procedural, Software, Hardware etc.)

Last Post by keydet89 14 years ago

2 Posts

2 Users

0 Reactions

561 Views

RSS

ThePM

(@thepm)

Reputable Member

Joined: 17 years ago

Posts: 254

Topic starter 31/01/2012 2:45 am

Hi,

I was looking at the timestamps located in an index.dat file analyzed with FTK 3.4.1 and I don't understand how those values are possible.

Here is a sample of the records in the file as parsed by FTK


URL *******

file

user name

response

accessed time 15/07/2011 123833 PM +0000

modified time 15/07/2011 123833 PM +0000

checked time 07/08/2023 65855 PM +0000

expiration time 07/08/2023 65922 PM +0000

hits 6

use counts 0

URL ******* file user name response accessed time 14/07/2011 122251 AM +0000 modified time 14/07/2011 122251 AM +0000 checked time 08/07/1971 94310 PM +0000 expiration time 08/07/1971 94310 PM +0000 hits 3 use counts 0
Looking at another post on the AccessData forums (http//forums.accessdata.com/viewtopic.php?f=27&t=3790&p=13859&hilit=index.dat#p13859) I understand a little bit better what the Accessed Time and the Modified Time values mean. However, I really don't get how the Checked Time and Expiration Time value mentioned above are possible.

Could someone please try and clarify that for me?

Thanks
PM

Quote

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

31/01/2012 4:04 am

A couple of questions that come to mind…

Which version of Windows is this index.dat file from?

What is the full path to this index.dat file?

Have you verified your findings with another tool?

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
239 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed