ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "MAC times"

From ForensicsWiki
Jump to: navigation, search
m
m
Line 1: Line 1:
 
'''MAC times''' are timestamps of the latest ''modification'', ''access'' or ''change'' of a certain file.
 
'''MAC times''' are timestamps of the latest ''modification'', ''access'' or ''change'' of a certain file.
 +
 
With Windows Vista, the registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate' is set to '1' by default, which means that no last access timestamp will be written at all.
 
With Windows Vista, the registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate' is set to '1' by default, which means that no last access timestamp will be written at all.
  

Revision as of 16:43, 19 April 2008

MAC times are timestamps of the latest modification, access or change of a certain file.

With Windows Vista, the registry key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate' is set to '1' by default, which means that no last access timestamp will be written at all.

Example

External Links