Police raids
David_Biggins@usermgmt.com
David_Biggins at usermgmt.com
Sat, 1 Mar 2003 21:03:34 -0000
> -----Original Message-----
> From: Richard Clayton [mailto:richard@highwayman.com]
> Sent: 28 February 2003 14:34
> To: UKcrypto@chiark.greenend.org.uk
> Subject: Re: Police raids
>
> the computer forensics people will tell you that there is often more
> than one file involved when material has been downloaded...
> getting all
> of these files to have consistent date/time settings would be complex
All the files involved will surely have settings within a known range of
times.
A script that examines one such file and identifies the exact timestamp,
asks for the required time, and then converts all timestamps in the
required range by adding the same offset to them would hardly be a big
effort? OK, you'd have to do a bit more than that, but still the sort of
thing that would not be too hard to pre-script if you had malicious intent.
>
> if I was framing someone I'd reset the time on the machine in order to
> get the consistent state, then change it back again. I'd still be
> concerned that there would be evidence of the timing
> anomalies that I'd
> introduced...
A bootable CD with a script is likely to be much safer?
Dave.