Any Win32 system with Posix compatibility (NT line and later) or NT
Resource Kit has had the touch command installed, so it is not a new
problem.
The version in my NT Resource Kit is

File Version: 4.00
Description: Microsoft® Touch Timestamp Utility
Copyright: Copyright (C) Microsoft Corp. 1981-1996

If the copyright is anything, it comes from XENIX in 1981.

Bill Royds
System Administrator, CHIN
ph: (819) 994-1200 X 239

H C <keydet89yahoo.com>
01/07/02 11:16 AM

        To: forensicssecurityfocus.com
        cc: (bcc: Bill Royds/HullOttawa/PCH/CA)
        Subject: 'touch' on Win32

To all,

This weekend, I wrote a simple Perl script that
implements *nix 'touch' functionality on Win32
systems, via the Win32 API. The script is available
from:

http://patriot.net/~carvdawg/perl.html

My questions to the list members are:

Has anyone seen such a functionality used, not only on
Win32 systems, but *any* system, during an
investigation?

What effect would such a utility have on an
investigation, particularly one being prosecuted?
(this question is primarily to the expert witnesses,
but I'd be glad to hear from anyone)

Thanks,

Carv

__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]