Completely change MACE timestamps?
Hi,
One of my friends Sandy asked me about the possibility of completely change MACE timestamps. As everybody knows that some tools could change MAC timestamps only. I told her that a tool whose name is "Timestomp" could change MACE timestamps,including Entry Modified Time. She was very surprise and ask me how to use "Timestomp". I will show you as below:
1. A file - test.txt . Look at its MAC timestamps "10/29/2013 09:44:35".
2. Use Timestomp to show MACE timestamps.
3. Now I use Timestomp to change MACE timestamps to earlier time such as "10/08/2005 14:34:56". You could see the MACE timestamps change as exaclty what I want.
4.If you are not sure MACE do change or not, I use other tool to verify the MACE timestamp of this file test.txt again. It works! All timestamps become "10/08/2005 14:34:56".
5. My friend she wonder if suspect use Timestomp to change MACE timestamps, how could I figure it out? Fortunately, there are two kinds of timestamps in MFT. They are Standard info and Filename info. I dump an MFT to csv and you could see them clearly. Even Timestomp could change MACE timestamps, it could only change Sandard info attributes, not including Filename info attributes. So we could take a look at MFT dump results and see if there is any abnormal timestamps between those two timestamp attributes.
Completely change MACE timestamps?的更多相关文章
- [转] stat命令输出结果中, Access,Modify,Change的含义
先建立一个空白文件a.txt 1 [emduser@emd tmp]$ touch a.txt 2 3 [emduser@emd tmp]$ ls -al a.txt 4 5 -rw-rw-r ...
- shell学习笔记
shell学习笔记 .查看/etc/shells,看看有几个可用的Shell . 曾经用过的命令存在.bash_history中,但是~/.bash_history记录的是前一次登录前记录的所有指令, ...
- Sphinx 2.2.11-release reference manual
1. Introduction 1.1. About 1.2. Sphinx features 1.3. Where to get Sphinx 1.4. License 1.5. Credits 1 ...
- 初识50个Linux命令
1. [命令]:cat [功能说明]: concatenate files and print on the standard output #连接文件并打印到标准输出,有标准输出的都可以用重定向定向 ...
- From 《Soft Skill》——Chapter 69. My personal success book list
There have been many excellent books that have greatly influenced what I believe and how I behave. I ...
- debugfs恢复文件
echo "this is test" >xx debugfs: ls -d /root/test1 () . () .. () xx <> () test.c ...
- 5 Things They Never Tell You About Making iPhone Apps
http://blog.teamtreehouse.com/5-things-they-never-tell-you-about-making-iphone-apps So, you've decid ...
- Linux学习2——文件与目录
一.写在前面 在本节将介绍Linux下文件与目录的一些基本概念以及一些基本操作. 二.完成目标 1.了解文件和目录的一些基本概念 2.操作文件和目录的相关命令 3.文件内容查阅命令 4.文件查询命令 ...
- 『WPF』DataGrid的使用
原文 『WPF』DataGrid的使用 几点说明 这里主要是参考了MSDN中关于DataGrid的说明 这里只会简单说明在WPF中,DataGird最简单的使用方法 对于MSDN中的翻译不会很详细,也 ...
随机推荐
- fiddle 中 显示serverIp
1.快捷键Ctrl+R 或者 菜单->Rules->Customize Rules 2.在CustomRules.js文件里Ctrl+F查找字符串 static function Ma ...
- ylbtech-dbs:ylbtech-7,welfareSystem(福利发放系统)
ylbtech-dbs:ylbtech-7,welfareSystem(福利发放系统) -- =============================================-- Datab ...
- ios下,对于position:fixed支持不完美的额解决方案
ios下,当有文本框时,会调用输入法,而这个时候,定位(fixed)在底部的东西,就会被弹上例,离底部有段距离,这算是个坑了. 我的解决方案是这样的. 除了定位在底部的元素外,用一个大div把其他元素 ...
- 彻底删除mysql服务
http://wenku.baidu.com/link?url=XEOFkNXElJV6FoBDOs7m7BlDUv9-ZuLbRbeVwbMa7AXa8ukZ6oIpiYYy3gNnITmP911M ...
- ELK stack elasticsearch/logstash/kibana 关系和介绍
ELK stack elasticsearch 后续简称ES logstack 简称LS kibana 简称K 日志分析利器 elasticsearch 是索引集群系统 logstash 是日志归集集 ...
- (medium)LeetCode 241.Different Ways to Add Parentheses
Given a string of numbers and operators, return all possible results from computing all the differen ...
- Python访问私有变量
代码: class Counter(object): __secount=0 publicfs=0 def getcount(self): self.__secount+=1 self.publicf ...
- ubuntu 服务管理
在Linux系统下,一个Services的启动.停止以及重启通常是通过/etc/init.d目录下的脚本来控制的.然而,在启动或改变运行级别时,是在/etc/rcX.d中来搜索脚本.其中X是运行级别的 ...
- 【转】find命令
Linux中find常见用法示例·find path -option [ -print ] [ -exec -ok command ] {} \;find命令的参数: pathname: find命令 ...
- Oracle Cluster Registry Location to be Added is not Accessible
APPLIES TO: Oracle Server - Enterprise Edition - Version 11.2.0.1 and laterInformation in this docum ...