Difference between pages "Timestomp" and "Talk:List of Script Based Incident Response Tools"

From ForensicsWiki
(Difference between pages)
(New page: {{Expand}} A tool that allows the user to modify all four NTFS timestamps (MACE) values. Developed by James C. Foster and Vincent Liu. Although this program is designed to fru...)
 
(New page: This page should probably be scrapped in favor of Category:Incident response tools. ~~~~)
 
Line 1: Line 1:
{{Expand}}
+
This page should probably be scrapped in favor of [[:Category:Incident response tools]]. [[User:Jessek|Jessek]] 05:29, 20 April 2007 (PDT)
 
+
A tool that allows the user to modify all four [[NTFS]] timestamps (MACE) values. Developed by [[James C. Foster]] and [[Vincent Liu]]. Although this program is designed to frustrate forensic analysis, it should be noted that its use can be easily detected. Because the program deletes all time stamp information, it is a dead giveaway that something is amiss on the system. Any normal system has at least ''some'' timestamp information. The total absence of such is a dead giveaway that a user has tried to hide something.
+
 
+
== External Links ==
+
* [http://www.metasploit.com/projects/antiforensics/timestomp.exe Timestomp.exe]
+
* [http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-foster-liu-update.pdf Presentation at Blackhat 2005]
+
 
+
[[Category:Anti-forensics tools]]
+
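Review bot: In the Timestomp paragraph, "dead giveaway" appears in two consecutive sentences that make the same point, and the text switches between "time stamp" and "timestamp"; fold the last three sentences into one statement of the detection indicator (no timestamp information at all on a file) and use "timestamp" throughout. "all four [[NTFS]] timestamps (MACE) values" should read "timestamp (MACE) values". The claim that the program "deletes all time stamp information" carries no citation, so point it at the Blackhat 2005 presentation already listed under External Links if that is its source. The first external link goes straight to timestomp.exe, so its link text should say it is a direct executable download.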

Latest revision as of 08:29, 20 April 2007

This page should probably be scrapped in favor of Category:Incident response tools. Jessek 05:29, 20 April 2007 (PDT)