Hi,

One of my friends Sandy asked me about the possibility of completely change MACE timestamps. As everybody knows that some tools could change MAC timestamps only. I told her that a tool whose name is "Timestomp" could change MACE timestamps,including Entry Modified Time. She was very surprise and ask me how to use "Timestomp". I will show you as below:

1. A file - test.txt . Look at its MAC timestamps "10/29/2013 09:44:35".

2. Use Timestomp to show MACE timestamps.

3. Now I use Timestomp to change MACE timestamps to earlier time such as "10/08/2005 14:34:56". You could see the MACE timestamps change as exaclty what I want.

4.If you are not sure MACE do change or not, I use other tool to verify the MACE timestamp of this file test.txt again. It works! All timestamps become "10/08/2005 14:34:56".

5. My friend she wonder if suspect use Timestomp to change MACE timestamps, how could I figure it out? Fortunately, there are two kinds of timestamps in MFT. They are Standard info and Filename info. I dump an MFT to csv and you could see them clearly. Even Timestomp could change MACE timestamps, it could only change Sandard info attributes, not including Filename info attributes. So we could take a look at MFT dump results and see if there is any abnormal timestamps between those two timestamp attributes.

Completely change MACE timestamps?的更多相关文章

  1. [转] stat命令输出结果中, Access,Modify,Change的含义

    先建立一个空白文件a.txt 1 [emduser@emd tmp]$ touch a.txt 2   3 [emduser@emd tmp]$ ls -al a.txt 4   5 -rw-rw-r ...

  2. shell学习笔记

    shell学习笔记 .查看/etc/shells,看看有几个可用的Shell . 曾经用过的命令存在.bash_history中,但是~/.bash_history记录的是前一次登录前记录的所有指令, ...

  3. Sphinx 2.2.11-release reference manual

    1. Introduction 1.1. About 1.2. Sphinx features 1.3. Where to get Sphinx 1.4. License 1.5. Credits 1 ...

  4. 初识50个Linux命令

    1. [命令]:cat [功能说明]: concatenate files and print on the standard output #连接文件并打印到标准输出,有标准输出的都可以用重定向定向 ...

  5. From 《Soft Skill》——Chapter 69. My personal success book list

    There have been many excellent books that have greatly influenced what I believe and how I behave. I ...

  6. debugfs恢复文件

    echo "this is test" >xx debugfs: ls -d /root/test1 () . () .. () xx <> () test.c ...

  7. 5 Things They Never Tell You About Making iPhone Apps

    http://blog.teamtreehouse.com/5-things-they-never-tell-you-about-making-iphone-apps So, you've decid ...

  8. Linux学习2——文件与目录

    一.写在前面  在本节将介绍Linux下文件与目录的一些基本概念以及一些基本操作. 二.完成目标 1.了解文件和目录的一些基本概念 2.操作文件和目录的相关命令 3.文件内容查阅命令 4.文件查询命令 ...

  9. 『WPF』DataGrid的使用

    原文 『WPF』DataGrid的使用 几点说明 这里主要是参考了MSDN中关于DataGrid的说明 这里只会简单说明在WPF中,DataGird最简单的使用方法 对于MSDN中的翻译不会很详细,也 ...

随机推荐

  1. C语言sizeof

    一.关于sizeof 1.它是C的关键字.是一个运算符,不是函数: 2.一般用法为sizeof 变量或sizeof(数据类型):后边这种写法会让人误认为是函数,但这种写法是为了防止和C中类型修饰符(s ...

  2. RabbitMQ介绍5 - 集群

    RabbitMQ内建集群机制,利用Erlang提供的开放电信平台(OTP,Open telecom Platform)通信框架,使得集群很容易进行横向扩展,提高系统吞吐量.这里只讨论集群的概念.原理, ...

  3. Hololens开发笔记之Gesture手势识别(基本介绍)

    手势识别是HoloLens交互的重要输入方法之一.HoloLens提供了底层API和高层API,可以满足不同的手势定制需求.底层API能够获取手的位置和速度信息,高层API则借助手势识别器来识别预设的 ...

  4. 浅谈Dynamic 关键字系列之一:dynamic 就是Object(转)

    C# 4.0提供了一个dynamic 关键字,那么什么是dynamic,究竟dynamic是如何工作的呢? 从最简单的示例开始: static void Main(string[] args) { d ...

  5. spring mvc中的json整合

    spring mvc整合过程中是有版本兼容的问题.具体的哪个版本的springmvc和哪个个版本的json包冲突我也无从考证了.我用的springmvc版本是3.2.1jaskson的版本是 1.1. ...

  6. Mingyang.net:org.springframework.context.annotation.ConflictingBeanDefinitionException

    org.springframework.context.annotation.ConflictingBeanDefinitionException: Annotation-specified bean ...

  7. 百度之星IP聚合(水题map&字符处理)

    虽然题目停水的,但是好像字符处理运用的还比较合适 Problem Description 当今世界,网络已经无处不在了,小度熊由于犯了错误,当上了度度公司的网络管理员,他手上有大量的 IP列表,小度熊 ...

  8. 第二章 I - The 3n + 1 problem(2.4.2)

    这是一道很坑爹的题,一定注意输入的两个数的大小,并且不能简单的交换,因为在最后的输出的时候还需要将原来的数按照原来的顺序和大小,这就是为什么还得开辟两个值得原因 Description Problem ...

  9. @Valid springMVC bean校验不起作用

    @RequestMapping("/add2") public String addStudentValid(@Valid @ModelAttribute("s" ...

  10. es增量自定义更新的脚本

    安装需要可软件 sudo apt-get install python-pip sudo pip install elasticsearch; sudo apt-get install python- ...