<div>
In addition to the &quot;Modified&quot; timestamp there is a &quot;Created&quot; timestamp. &nbsp;If they only changed the Modified timestamp, then you would still know when the file was created by looking at the Created timestamp. &nbsp;But I don't really know of any way to determine if those two values were tampered with unless you have a second unaltered copy of the same file.
</div>


In addition to the "Modified" timestamp there is a "Created" timestamp.  If they only changed the Modified timestamp, then you would still know when the file was created by looking at the Created timestamp.  But I don't really know of any way to determine if those two values were tampered with unless you have a second unaltered copy of the same file.

<div>
there are 3 values that we can check: created, modified, and accessed. so how can we verify its originality?
</div>


there are 3 values that we can check: created, modified, and accessed. so how can we verify its originality?

<div>
If you can find a link file (shortcut) associated with the file of interest, such as those located in the 'recent documents' folder, it may have the verification timestamps you're looking for. A link file not only tells you when it was created, but keeps a copy of the timestamps of the file that it points to. See this article for <u>L</u>inkfile <u>I</u>n <u>F</u>orensic <u>E</u>xamination details: <a href="http://computerforensics.parsonage.co.uk/downloads/TheMeaningofLIFE.pdf" rel="ugc">http://computerforensics.parsonage.co.uk/downloads/TheMeaningofLIFE.pdf</a>
</div>


If you can find a link file (shortcut) associated with the file of interest, such as those located in the 'recent documents' folder, it may have the verification timestamps you're looking for. A link file not only tells you when it was created, but keeps a copy of the timestamps of the file that it points to. See this article for Linkfile In Forensic Examination details: http://computerforensics.parsonage.co.uk/downloads/TheMeaningofLIFE.pdf [http://computerforensics.parsonage.co.uk/downloads/TheMeaningofLIFE.pdf]

<div>
<div class="content wysiwyg-content">
Hi,<br />
<br />
when a file was tampered by someone and they changed the modified time, how can you track the original time of the files that been created? I mean in the security environment, when an security analyst check the integrity of the files.<br />
<br />
Thank you so much
</div>
</div>


Hi,

when a file was tampered by someone and they changed the modified time, how can you track the original time of the files that been created? I mean in the security environment, when an security analyst check the integrity of the files.

Thank you so much

check modified time

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Digital forensics encompasses the recovery and investigation of material found in digital devices, often in relation to computer crime. Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil (as part of the electronic discovery process) courts. The technical aspect of an investigation is divided into several sub-branches, relating to the type of digital devices involved; computer forensics, network forensics, forensic data analysis and mobile device forensics. The typical forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media and the production of a report into collected evidence.