Thanks.
Okay. So how does one check the Windows OS date/time was accurate (had not been manipulated) when it was running prior to examination and when you only have a working copy of the drive?
You hope to the forensic gods for a few things:
1. The clock was synchronizing to a time server (event logs will indicate the last time it synced and if it changed the clock).
2. They logged out of Facebook at some point, because that gives a time in the URL when this incident occurred, and the times should match if the clock is accurate.
3. Cookies will occasionally do the same thing as above, give a time when the cookie was created, expired etc. Depending on the recentcy (new word) of the drive, you can test cookies that have times in them to determine what you're working with (I think they're in Unix times, but you can use decode or time lord to figure out what the time refers to).
If anyone has any other suggestions I'm all ears; I've had similar situations and the above is what I've come up with.
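An added example (not part of the original posts) of the comparison described in points 2 and 3: each artifact pairs a server-issued time embedded in a cookie or URL with the time the local machine stamped on that artifact, and the difference is the local clock offset at that moment. It assumes the embedded value is Unix seconds and the local stamp is a Windows FILETIME; the artifact names and values are constructed sample data.

```python
from datetime import datetime, timedelta, timezone
from statistics import median

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def from_unix(seconds):
    """Unix epoch seconds (server side) to an aware UTC datetime."""
    return datetime.fromtimestamp(seconds, tz=timezone.utc)

def from_filetime(ticks):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def clock_offsets(artifacts):
    """Return (name, local minus server, in seconds) for each artifact."""
    return [
        (name, (from_filetime(local_ft) - from_unix(server_unix)).total_seconds())
        for name, server_unix, local_ft in artifacts
    ]

def assess(artifacts, tolerance=120):
    """Median offset plus the artifacts that deviate from it by > tolerance.

    The median is only meaningful if most artifacts were written while the
    clock was behaving normally; that is an assumption of this sketch.
    """
    offsets = clock_offsets(artifacts)
    typical = median(o for _, o in offsets)
    outliers = [(n, o) for n, o in offsets if abs(o - typical) > tolerance]
    return typical, outliers

# Constructed sample: (artifact, server Unix time in value, local FILETIME)
SAMPLE = [
    ("cookie_A", 1331200000, 129756736030000000),
    ("cookie_B", 1331286400, 129757600050000000),
    ("cookie_C", 1331372800, 129757600040000000),  # local stamp a day early
    ("logout_url_D", 1331459200, 129759328020000000),
]

if __name__ == "__main__":
    typical, outliers = assess(SAMPLE)
    print(f"typical offset: {typical:+.1f} s")
    for name, off in outliers:
        print(f"{name}: local clock differs from server by {off:+.0f} s")
```

A small, steady positive offset is expected from network delay and write latency; an artifact whose offset jumps by hours or days marks a period where the local clock and the outside world disagreed.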
Thanks.
Okay. So how does one check the Windows OS date/time was accurate (had not been manipulated) when it was running prior to examination and when you only have a working copy of the drive?
I guess one has to have a "general idea" of the "amount" of "time shift" expected.
I mean, are we talking of days, hours or minutes/seconds?
Was the supposed time/date shift backward or forward?
Which OS is it?
Check this thread also (only seemingly unrelated):
http://www.forensicfocus.com/Forums/viewtopic/t=9329/
jaclaz
Geesh… Make me feel so old.
I do remember, we could buy an expansion card with RTC.
I guess you are too young to remember the early (and good ol') days when you booted to an OS and you were prompted to input date and time (no hardware RTC).
http://www.os2museum.com/wp/?page_id=563
The original PC did not have one, and it was introduced in the XT as a (if I remember correctly, rather costly) option and became "standard" on the AT.
http://en.wikipedia.org/wiki/IBM_PC
http://www.philipstorr.id.au/pcbook/book4/hdxt.htm
jaclaz