Hi,

One of my friends, Sandy, asked me whether it is possible to completely change MACE timestamps. As everybody knows, some tools can change only the MAC timestamps. I told her that a tool named "Timestomp" can change all MACE timestamps, including the Entry Modified time. She was very surprised and asked me how to use "Timestomp". I will show you below:

1. Take a file, test.txt. Look at its MAC timestamps: "10/29/2013 09:44:35".

2. Use Timestomp to show MACE timestamps.

3. Now I use Timestomp to change the MACE timestamps to an earlier time, such as "10/08/2005 14:34:56". You can see the MACE timestamps change exactly as I want.

4. If you are not sure whether the MACE timestamps really changed, I use another tool to verify the MACE timestamps of test.txt again. It works! All timestamps become "10/08/2005 14:34:56".

5. My friend wondered: if a suspect uses Timestomp to change MACE timestamps, how could I figure it out? Fortunately, there are two kinds of timestamps in the MFT: Standard info and Filename info. I dumped an MFT to CSV and you can see them clearly. Even though Timestomp can change MACE timestamps, it can only change the Standard info attributes, not the Filename info attributes. So we can look at the MFT dump results and see whether there are any abnormal timestamps between those two timestamp attributes.
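
The comparison described in step 5, as an added example that is not part of the original post: it reads an MFT dump in CSV form and flags records whose Standard info creation time is earlier than the Filename info creation time. The column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

FMT = "%m/%d/%Y %H:%M:%S"
FIELDS = ("created", "modified", "accessed", "entry_modified")

# Constructed sample rows; the column names are assumptions for this example,
# so rename them to match the CSV your MFT parser produces.
SAMPLE_CSV = """\
record,filename,si_created,si_modified,si_accessed,si_entry_modified,fn_created,fn_modified,fn_accessed,fn_entry_modified
101,report.docx,10/29/2013 09:40:10,10/29/2013 09:52:03,10/29/2013 09:52:03,10/29/2013 09:52:03,10/29/2013 09:40:10,10/29/2013 09:40:10,10/29/2013 09:40:10,10/29/2013 09:40:10
102,test.txt,10/08/2005 14:34:56,10/08/2005 14:34:56,10/08/2005 14:34:56,10/08/2005 14:34:56,10/29/2013 09:44:35,10/29/2013 09:44:35,10/29/2013 09:44:35,10/29/2013 09:44:35
"""


def find_backdated(csv_text):
    """Return records whose Standard info times predate their Filename info times."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            si = {f: datetime.strptime(row["si_" + f], FMT) for f in FIELDS}
            fn = {f: datetime.strptime(row["fn_" + f], FMT) for f in FIELDS}
        except (KeyError, ValueError, TypeError):
            continue  # skip records with missing or unparseable timestamps
        # Standard info created before Filename info created is the main lead.
        if si["created"] < fn["created"]:
            hits.append({
                "record": row["record"],
                "filename": row["filename"],
                # Every MACE field where Standard info is older than Filename info.
                "si_earlier_than_fn": [f for f in FIELDS if si[f] < fn[f]],
                "gap_days": (fn["created"] - si["created"]).days,
            })
    return hits


if __name__ == "__main__":
    for hit in find_backdated(SAMPLE_CSV):
        print(hit)
```

Treat hits as leads to examine rather than proof, since some ordinary file operations also leave the two attributes with different times.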
