[sleuthkit-users] timeline
From: Geert V. A. <gee...@pa...> - 2005-09-29 15:26:17
Dear list,

After creating a timeline with sleuthkit, I get approx. 700 files with the same date-time stamp. It's on a FAT32 volume and all the files have an "a" (accessed) timestamp. Most of the files belong to a game, and a few system files (DLLs, VGA driver, ...) are in between them.

The timestamp is Fri Jul 29 2005 00:00:00. After the 700 files, the next entry is Fri Jul 29 2005 19:35:46, and from there the files have timestamps that are more "logical", I mean they have 1 or 2 second intervals.

Could it be a backup or antivirus program that accessed all these files? 700 in one second just seems a lot. Does anyone have a better explanation?

Thanks in advance,
Geert VAN ACKER