Hi,

One of my friends Sandy asked me about the possibility of completely change MACE timestamps. As everybody knows that some tools could change MAC timestamps only. I told her that a tool whose name is "Timestomp" could change MACE timestamps,including Entry Modified Time. She was very surprise and ask me how to use "Timestomp". I will show you as below:

1. A file - test.txt . Look at its MAC timestamps "10/29/2013 09:44:35".

2. Use Timestomp to show MACE timestamps.

3. Now I use Timestomp to change MACE timestamps to earlier time such as "10/08/2005 14:34:56". You could see the MACE timestamps change as exaclty what I want.

4.If you are not sure MACE do change or not, I use other tool to verify the MACE timestamp of this file test.txt again. It works! All timestamps become "10/08/2005 14:34:56".

5. My friend she wonder if suspect use Timestomp to change MACE timestamps, how could I figure it out? Fortunately, there are two kinds of timestamps in MFT. They are Standard info and Filename info. I dump an MFT to csv and you could see them clearly. Even Timestomp could change MACE timestamps, it could only change Sandard info attributes, not including Filename info attributes. So we could take a look at MFT dump results and see if there is any abnormal timestamps between those two timestamp attributes.

Completely change MACE timestamps?的更多相关文章

  1. [转] stat命令输出结果中, Access,Modify,Change的含义

    先建立一个空白文件a.txt 1 [emduser@emd tmp]$ touch a.txt 2   3 [emduser@emd tmp]$ ls -al a.txt 4   5 -rw-rw-r ...

  2. shell学习笔记

    shell学习笔记 .查看/etc/shells,看看有几个可用的Shell . 曾经用过的命令存在.bash_history中,但是~/.bash_history记录的是前一次登录前记录的所有指令, ...

  3. Sphinx 2.2.11-release reference manual

    1. Introduction 1.1. About 1.2. Sphinx features 1.3. Where to get Sphinx 1.4. License 1.5. Credits 1 ...

  4. 初识50个Linux命令

    1. [命令]:cat [功能说明]: concatenate files and print on the standard output #连接文件并打印到标准输出,有标准输出的都可以用重定向定向 ...

  5. From 《Soft Skill》——Chapter 69. My personal success book list

    There have been many excellent books that have greatly influenced what I believe and how I behave. I ...

  6. debugfs恢复文件

    echo "this is test" >xx debugfs: ls -d /root/test1 () . () .. () xx <> () test.c ...

  7. 5 Things They Never Tell You About Making iPhone Apps

    http://blog.teamtreehouse.com/5-things-they-never-tell-you-about-making-iphone-apps So, you've decid ...

  8. Linux学习2——文件与目录

    一.写在前面  在本节将介绍Linux下文件与目录的一些基本概念以及一些基本操作. 二.完成目标 1.了解文件和目录的一些基本概念 2.操作文件和目录的相关命令 3.文件内容查阅命令 4.文件查询命令 ...

  9. 『WPF』DataGrid的使用

    原文 『WPF』DataGrid的使用 几点说明 这里主要是参考了MSDN中关于DataGrid的说明 这里只会简单说明在WPF中,DataGird最简单的使用方法 对于MSDN中的翻译不会很详细,也 ...

随机推荐

  1. oracle里要查看一条sql的执行情况,有没有走到索引,怎么看?索引不能提高效率?

    index scan 索引扫描 full table scan是全表扫描 直接explain plan for 还有个set autotrace什么 索引一定能提高执行效率吗? 索引不能提高效率的情况 ...

  2. H桥电路

    电路特点:有三极管组成4个桥的腿,中间可以使电容或是电机. 应用:直流电机的正反转控制.DC-AC逆变电源(脉冲直流变为周期交流) 关键点:同一个时刻只能对角的一对三极管导通,同侧不能一块导通,共2对 ...

  3. Eclipse内置Tomcat的配置

    1.首先肯定是得下载J2EE版本的eclipse了,再去Apache Tomcat的官网去下一个Tomcat.都解压到自己想放的目录 2.Eclipse -> Preferences -> ...

  4. C++学习18 派生类的析构函数

    和构造函数类似,析构函数也是不能被继承的. 创建派生类对象时,构造函数的调用顺序和继承顺序相同,先执行基类构造函数,然后再执行派生类的构造函数.但是对于析构函数,调用顺序恰好相反,即先执行派生类的析构 ...

  5. [ActionScript 3.0] AS3 时间格式化方法

    /** * 格式化时间,格式 00:00:00 * @param total 总时间(毫秒) */ function getFormatTime(total:uint):String { if (to ...

  6. jquery.cookie.js 配置

    一定要写入cookies路径 一个轻量级的cookie 插件,可以读取.写入.删除 cookie. jquery.cookie.js 的配置 首先包含jQuery的库文件,在后面包含 jquery.c ...

  7. linux双机GFS的配置

    1.两台服务器安装如下包: apr-1.2.7-11.el5_3.1.x86_64.rpmapr-util-1.2.7-11.el5.x86_64.rpmcman-2.0.115-34.el5.x86 ...

  8. 使用 FileZilla FTP Client连接Vsftpd在执行LIST命令后提示连接超时

    使用 FileZilla FTP Client 连接 Vsftpd在执行LIST命令后提示连接超时. vi /etc/vsftpd/vsftpd.conf 添加: #开启被动模式 pasv_enabl ...

  9. nyoj 76 超级台阶

    点击打开链接 超级台阶 时间限制:1000 ms  |  内存限制:65535 KB 难度:3 描述 有一楼梯共m级,刚开始时你在第一级,若每次只能跨上一级或二级,要走上第m级,共有多少走法? 注:规 ...

  10. 在点击HOME键时, 在点击icon回到原来的应用。

    参考资料: http://www.linuxidc.com/Linux/2012-01/51332.htm