Re: [sleuthkit-users] timeline
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] timeline
|
From: Chuck <chu...@gm...> - 2005-09-29 15:54:44
|
On 9/29/05, Geert VAN ACKER <gee...@pa...> wrote: > after creating a timelime with sleuthkit, I get app 700 files with the > same date-time stamp. It's on a FAT32 volume and all the files have an > "a" (accessed) timestamp. Most of the files belong to a game, and a few > system files (dll's, vga driver, ...) are in between it. > > The timestamp is Fri Jul 29 2005 00:00:00 after the 700 files, the next > entry is Fri Jul 29 2005 19:35:46 and from there the files have > timestamps who are more "logic", I mean they have 1 or 2 second intervals= . I believe FAT only stores the date of last access, not the time, so sleuthkit just puts them all at midnight. Chuck |
