From: H C (keydet89yahoo.com)
Date: Tue Jan 08 2002 - 06:22:11 CST

    I'm failing to see the point of this response.

    > A Win32 port of the Unix touch utility is available at
    > http://unxutils.sourceforge.net/. This port is a native Win32
    > application and does not require Cygwin or a perl interpreter.

    My original post never said, "Hey look at this new
    thing I've done." In fact, I am fully aware that it
    isn't new at all. The Perl script that I wrote was
    intended to show, programmatically, *how* this is
    done. The SetFileTime() API, for example, doesn't
    seem to require Administrator privileges.

    Further, the script I wrote changes all of the
    FILETIMES, not just last access and modification.

    The issue I see is that this sort of functionality
    could have potentially devastating effects on
    forensics analysis and prosecution...which is the
    reason I asked the questions in my original post
    (neither of which, by the way, was "where can I get
    another touch utility?").

    I have spoken to a few individuals who have experience
    in the forensics field from the LE perspective.
    Fortunately, none of the ones I spoke to have seen
    this sort of functionality in place during an
    investigation.

    Carv
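
An added example, not part of the original post or of the Perl script it mentions: a defender-side check for the kind of timestamp rewriting discussed above. It relies on the fact that the Win32 SetFileTime() call writes the NTFS $STANDARD_INFORMATION timestamps while the $FILE_NAME set is maintained by the file system; the record layout, field names and sample values are constructed assumptions standing in for the output of an MFT parser.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000  # a FILETIME counts 100 ns intervals since 1601 (UTC)

def filetime_to_dt(ft):
    """Convert a 64-bit FILETIME value to an aware UTC datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    """Convert an aware datetime to a FILETIME value."""
    d = dt - EPOCH_1601
    return (d.days * 86400 + d.seconds) * TICKS_PER_SECOND + d.microseconds * 10

def check_record(rec):
    """Return heuristic findings for one record; these are leads, not proof."""
    si, fn, findings = rec["si"], rec["fn"], []
    # $FILE_NAME creation is set when the name is created; an older
    # $STANDARD_INFORMATION creation time suggests it was set afterwards.
    if si["created"] < fn["created"]:
        findings.append("si_created_before_fn_created")
    # Tools that set times from whole-second values leave a zero fraction.
    for field in ("created", "modified", "accessed"):
        if si[field] % TICKS_PER_SECOND == 0:
            findings.append(f"si_{field}_whole_second")
    return findings

def _ft(*args):
    """Build a FILETIME from datetime() arguments (helper for the samples)."""
    return dt_to_filetime(datetime(*args, tzinfo=timezone.utc))

# Constructed sample records (hypothetical layout, not real case data).
RECORDS = [
    {"name": "report.doc",
     "si": {"created": _ft(2001, 12, 20, 9, 15, 2, 123456),
            "modified": _ft(2002, 1, 3, 16, 40, 51, 987654),
            "accessed": _ft(2002, 1, 7, 8, 2, 33, 456789)},
     "fn": {"created": _ft(2001, 12, 20, 9, 15, 2, 123456)}},
    {"name": "tool.exe",
     "si": {"created": _ft(1999, 6, 1, 12, 0, 0),
            "modified": _ft(1999, 6, 1, 12, 0, 0),
            "accessed": _ft(1999, 6, 1, 12, 0, 0)},
     "fn": {"created": _ft(2002, 1, 7, 22, 41, 10, 654321)}},
]

if __name__ == "__main__":
    for rec in RECORDS:
        print(rec["name"], filetime_to_dt(rec["si"]["created"]).isoformat(),
              check_record(rec) or "no findings")
```

Both checks can fire on legitimate files, for example ones restored from an archive or installed by a setup program that preserves original timestamps, so a hit is a reason to look closer rather than a conclusion.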
