Last written time for JPG

Greetings,

Do you have access to the camera? Can you check to see what the date and time settings are on it? Is it possible that the photo was taken when the camera's clock was off? Have you checked the EXIF information from the jpg?

-David

The date is weird. It looked like to me that the date was in DD/MM/YYYY format to me.

I just tested with my Casio EX-Z75 Camera. I set the date format on the camera to the above format and set the date to replicate yours. I took a picture and brought it into X-Ways. The date modifed showed 9/29/2008. I'm not sure what would be going on if the rest of the dates are showing up in the proper format.

Anyway, sorry I couldn't help further.

thanks for the reply and I don't have the camera with me.

therefore, I can only review the content of the data from my copy of forensic image.

I suspected there will be the date format from CASIO which affect my analysis. In addition, I google any information regarding analysis CASIO camera photo, but so far no hit is relevant.

If you know any other information, please feel free to drop me some lines.

wink

based on my experience, the "last written date" on encase or "modified date" on x-ways are the dates when the picture was captured; i.e. they depend on the settings of the camera for the time & date.. if the setting are not correct, then i'm sorry mate, it very difficult to use the timestamp..

Unless I missed it, I think we need to clarify which dates we're considering. In XWF, the modified date pertains to the file on the medium under examination. It's the date from the MFT/DirectoryEntry/Etc. It may or may not be the date when the image was captured. For that information, XWF will readily reveal the EXIF data. There are at least three dates in EXIF, and I believe that DateTimeOriginal is the most precise, insofar as determining capture date/time (the date fields are often identical, anyway).