Forensics Mode:
(Page 40 of 84)  < Prev  35 36 37 38 39 40 41 42 43 44 45  Next >
Re: mactimes - not reliable. 2004-11-15
icathar club-internet fr
You will find at this URL the possibility to access what I find a very good
article on time stamp :
http://www.compseconline.com/digitalinvestigation/tableofcontents.htm#is
sue1

"Time and Date Issues in Forensic Computing " (but you will need to fill in
a form)

They discuss in length the fact th

[ more ]  [ reply ]
Re: mactimes 2004-11-12
Frankie Li (frankie cheesy ca)
In-Reply-To: <94E8EDDCAAF18E4FA88767BFE6F99CED0880995C@pjean405>

I have tested MAC time on different OS and File Systems. For example, FAT file system only kept Access time in date, but both M time and C time kepts both date and time. On the other hand, NTFS or Linux file system kept both data an

[ more ]  [ reply ]
Re: mactimes 2004-11-11
Matthew Farrenkopf (farrenkm ohsu edu)
>>> "Potter, Timothy" <Timothy.F.Potter (at) pjc (dot) com [email concealed]> 11/10/2004 8:29:38 AM
>>>
>If mactimes can easily be modified by a hacker, then would I know, and
how
>would mactimes be utilized in court?
>
>I have a Microsoft Excel file on a fat12 floppy disk.
>Here are the mactimes:
>
>modified: 9/28/2004 @ 9:12A

[ more ]  [ reply ]
Re: mactimes 2004-11-11
Jason Coombs (jasonc science org)
Any number of programs that copy files will consider the new file to be different from the old file, and reset the creation date/time.

EnCase does that when you do a copy from a forensic image. The idea (remember, all software is just a bunch of ideas that passed through the heads of programmers) i

[ more ]  [ reply ]
RE: MD5 Collisions and Evidence Integrity 2004-11-11
Akin, Thomas (ISS Atlanta) (takin iss net)
> From: ¥ dosman ¥ [mailto:dosman33 (at) hotmail (dot) com [email concealed]]
> Subject: Re: MD5 Collisions and Evidence Integrity
>
> Actually MD5 hasn't been broken... yet. A close cousin to MD5 was broken,
> not the actual MD5 as we know it.

Not true, the earlier collisions did use different initialization values than th

[ more ]  [ reply ]
RE: MD5 Collisions and Evidence Integrity 2004-11-11
Butterworth, Jim (jim butterworth guidancesoftware com)
I guess my question would be the method employed to hash evidence. If a
collision occurred during the hash of evidence, either a single file, or
a bit stream of a group of bits, and the resultant was an inaccurate
hash, what would the likelihood be of obtaining that same "collided"
hash during the

[ more ]  [ reply ]
RE: mactimes 2004-11-11
Bénoni MARTIN (Benoni MARTIN libertis ga)
Let's clear up this:
- The atime field is updated each time the pointer to the file's data blocks is followed and the file's data is read.
- The mtime field is updated each time the file's data changes.
- The ctime field is updated each time the file's inode changes.

There is NO WAY under stand

[ more ]  [ reply ]
Re: MD5 Collisions and Evidence Integrity 2004-11-11
Maarten Van Horenbeeck (maarten daemon be)
Hi Rob,

In most of the recent forensics studies I've seen presented, MD5 was still
used as sole hashing algorithm to prove integrity of the collected
evidence. It's still the only supported hashing method by a number of
popular forensic investigation tools. In some cases, forensic analysts
have m

[ more ]  [ reply ]
Re: MD5 Collisions and Evidence Integrity 2004-11-10
¥ dosman ¥ (dosman33 hotmail com) (3 replies)
Actually MD5 hasn't been broken... yet. A close cousin to MD5 was broken,
not the actual MD5 as we know it. It's still safe to use MD5 for the time
being. However I would be on the look out for a replacement if and when one
becomes available. Sure there's SHA1, but of course a pair of digests to

[ more ]  [ reply ]
Re: MD5 Collisions and Evidence Integrity 2004-11-11
Hrvoje Spoljar (spole x pbf hr)
RE: MD5 Collisions and Evidence Integrity 2004-11-12
dave kleiman (dave isecureu com)
Re: MD5 Collisions and Evidence Integrity 2004-11-11
Damian Menscher (menscher uiuc edu)
mactimes 2004-11-10
Potter, Timothy (Timothy F Potter pjc com) (6 replies)
If mactimes can easily be modified by a hacker, then would I know, and how
would mactimes be utilized in court?

I have a Microsoft Excel file on a fat12 floppy disk.
Here are the mactimes:

modified: 9/28/2004 @ 9:12AM CST
accessed: 9/29/2004 @ 4:38PM CST
created: 10/1/2004 @ 1:12 AM

So, how can t

[ more ]  [ reply ]
Re: mactimes - not reliable. 2004-11-13
David M. Andersen (danderse uncc edu)
RE: mactimes 2004-11-12
Amin Lalji (amin lalji intelysis com)
Re: mactimes 2004-11-11
Frank Knobbe (frank knobbe us)
Re: mactimes 2004-11-12
Rogan Dawes (discard dawes za net)
Re: mactimes 2004-11-12
Valdis Kletnieks vt edu
RE: mactimes 2004-11-11
Warren Kruse (wgkruse computer-forensic com)
(Page 40 of 84)  < Prev  35 36 37 38 39 40 41 42 43 44 45  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus