Hello all,
I'm new to Computer Forensics and studying in College. To be honest, with no real world experience it's a bit daunting at times to say the least.
I'm examining an XP machine that has evidence of an "eraser" type program being run. I'm attempting to verify my computer usage timeline and ran into some last access date stamps of 2072.
For some reason I think I've heard of this and my instincts tell me not to worry about the last accessed time and focus on the last modified timestamp, which matches my timeline perfectly.
Here are some of the file names with the 2072 access date:
hprof.dll (Java driver maybe), mendoza, lord_howe (these two are travel destinations).
Note: known good time and active time bias between suspect media and forensic workstation have been verified.
Thanks for the help.
Sounds like timestamp manipulation to me.
To be sure, attempt to identify the File Erasing program that was used, grab a copy and do some testing with it.
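An added example, not part of the thread: one way to separate implausible timestamps from the rest of a file listing is to convert each raw Windows FILETIME value and flag anything stamped later than the acquisition time. The file names come from the post above; every date, the acquisition time and the two extra entries are constructed for illustration, and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> datetime, or None."""
    try:
        return EPOCH_1601 + timedelta(microseconds=ft // 10)
    except OverflowError:  # value lies beyond year 9999
        return None

def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample."""
    delta = dt - EPOCH_1601
    return (delta.days * 86400 + delta.seconds) * 10_000_000

def flag_timestamps(records, acquired):
    """Return {name: [reasons]} for entries stamped later than the acquisition time."""
    findings = {}
    for name, modified_ft, accessed_ft in records:
        reasons = []
        for label, ft in (("modified", modified_ft), ("accessed", accessed_ft)):
            when = filetime_to_datetime(ft)
            if when is None:
                reasons.append(f"{label} time is not a representable date")
            elif when > acquired:
                reasons.append(f"{label} time {when:%Y-%m-%d} is after acquisition")
        if reasons:
            findings[name] = reasons
    return findings

def _ft(y, m, d):
    return datetime_to_filetime(datetime(y, m, d, tzinfo=timezone.utc))

# Constructed sample: file names from the post, all dates invented for illustration.
ACQUIRED = datetime(2010, 1, 15, tzinfo=timezone.utc)
SAMPLE = [
    ("hprof.dll", _ft(2009, 11, 2), _ft(2072, 3, 1)),
    ("mendoza", _ft(2009, 11, 2), _ft(2072, 3, 1)),
    ("lord_howe", _ft(2009, 11, 3), _ft(2072, 3, 1)),
    ("control.txt", _ft(2009, 11, 4), _ft(2009, 12, 20)),   # plausible entry
    ("garbage.bin", _ft(2009, 11, 4), 0xFFFFFFFFFFFFFFFF),  # overflows datetime
]

if __name__ == "__main__":
    for name, reasons in flag_timestamps(SAMPLE, ACQUIRED).items():
        print(name, "->", "; ".join(reasons))
```

Running the same check over a listing taken before and after a test run of the identified erasing tool shows which timestamp fields that tool rewrites.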
Hey thanks pbobby for the reply. I'm super excited to have this forum as a resource!
My teacher moves at break-neck speed. I've never studied a subject where every word that came from the instructor's mouth was important and needing to be digested. No recap, it's all new and just keeps moving. I have very little foundation in this field, little real world application to help cement the processes into my brain.
It's like trying to build a straight wall out of bricks and mortar, and doing it at a full out sprint… with one arm… and blindfolded…
Thanks again and I will get back to everyone once I come up with more info.