Hi,

One of my friends Sandy asked me about the possibility of completely change MACE timestamps. As everybody knows that some tools could change MAC timestamps only. I told her that a tool whose name is "Timestomp" could change MACE timestamps,including Entry Modified Time. She was very surprise and ask me how to use "Timestomp". I will show you as below:

1. A file - test.txt . Look at its MAC timestamps "10/29/2013 09:44:35".

2. Use Timestomp to show MACE timestamps.

3. Now I use Timestomp to change MACE timestamps to earlier time such as "10/08/2005 14:34:56". You could see the MACE timestamps change as exaclty what I want.

4.If you are not sure MACE do change or not, I use other tool to verify the MACE timestamp of this file test.txt again. It works! All timestamps become "10/08/2005 14:34:56".

5. My friend she wonder if suspect use Timestomp to change MACE timestamps, how could I figure it out? Fortunately, there are two kinds of timestamps in MFT. They are Standard info and Filename info. I dump an MFT to csv and you could see them clearly. Even Timestomp could change MACE timestamps, it could only change Sandard info attributes, not including Filename info attributes. So we could take a look at MFT dump results and see if there is any abnormal timestamps between those two timestamp attributes.

Completely change MACE timestamps?的更多相关文章

  1. [转] stat命令输出结果中, Access,Modify,Change的含义

    先建立一个空白文件a.txt 1 [emduser@emd tmp]$ touch a.txt 2   3 [emduser@emd tmp]$ ls -al a.txt 4   5 -rw-rw-r ...

  2. shell学习笔记

    shell学习笔记 .查看/etc/shells,看看有几个可用的Shell . 曾经用过的命令存在.bash_history中,但是~/.bash_history记录的是前一次登录前记录的所有指令, ...

  3. Sphinx 2.2.11-release reference manual

    1. Introduction 1.1. About 1.2. Sphinx features 1.3. Where to get Sphinx 1.4. License 1.5. Credits 1 ...

  4. 初识50个Linux命令

    1. [命令]:cat [功能说明]: concatenate files and print on the standard output #连接文件并打印到标准输出,有标准输出的都可以用重定向定向 ...

  5. From 《Soft Skill》——Chapter 69. My personal success book list

    There have been many excellent books that have greatly influenced what I believe and how I behave. I ...

  6. debugfs恢复文件

    echo "this is test" >xx debugfs: ls -d /root/test1 () . () .. () xx <> () test.c ...

  7. 5 Things They Never Tell You About Making iPhone Apps

    http://blog.teamtreehouse.com/5-things-they-never-tell-you-about-making-iphone-apps So, you've decid ...

  8. Linux学习2——文件与目录

    一.写在前面  在本节将介绍Linux下文件与目录的一些基本概念以及一些基本操作. 二.完成目标 1.了解文件和目录的一些基本概念 2.操作文件和目录的相关命令 3.文件内容查阅命令 4.文件查询命令 ...

  9. 『WPF』DataGrid的使用

    原文 『WPF』DataGrid的使用 几点说明 这里主要是参考了MSDN中关于DataGrid的说明 这里只会简单说明在WPF中,DataGird最简单的使用方法 对于MSDN中的翻译不会很详细,也 ...

随机推荐

  1. DataGridView操作

    C# DataGridView控件动态添加新行 DataGridView控件在实际应用中非常实用,特别需要表格显示数据时.可以静态绑定数据源,这样就自动为DataGridView控件添加相应的行.假如 ...

  2. 转-android 支付宝SDK集成

    http://blog.csdn.net/kroclin/article/details/40746779 一.前言 最近做的项目刚好要集成支付宝,上网找了很多资料,介绍得感觉不是很全面,所以我经过这 ...

  3. ylbtech-dbs:ylbtech-5,RI(报销发票系统)

    ylbtech-dbs:ylbtech-5,RI(报销发票系统) -- =============================================-- DatabaseName:Pur ...

  4. 启动mongoDB 以及常用操作命令

    nonsql    关系数据库 集合  表 文档 行 启动mongoDB之前首先手动创建存放MongoDB数据文件的目录,如e:\mongo_data 执行命令  mongod --dbpath=e: ...

  5. qt opencv

    pro中加入如下代码. INCLUDEPATH += /usr/local/include \ /usr/local/include/opencv \ /usr/local/include/openc ...

  6. 使用maven下载依赖包及maven常见问题汇总

    最近下载了SPRING3.1.4,发现只有SPRING相关的源码,没有其依赖的jar包.SPRING依赖的jar相当多,自己一个一个的下载比较费劲,就仔细阅读了SPRING下载说明,新版本的SPRIN ...

  7. Weblogic重启(转载)

    1.用户名密码登录. 2.切换到weblogic的bin目录下: cd /user/local/weblogic/user_projects/domains/base_domain/bin/ 3.先停 ...

  8. Js 时间与字符串转示例

    <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <m ...

  9. Java的四种引用

    1.强引用(StrongReference)强引用是使用最普遍的引用.如果一个对象具有强引用,那垃圾回收器绝不会回收它.当内存空间不足,Java虚拟机宁愿抛出OutOfMemoryError错误,使程 ...

  10. Android——状态栏通知栏Notification

    1.AndroidManifest.xml注意要同时注册Notification02Activity <!-- 状态通知栏 Notification -->        <acti ...