How to check all timestamps of a file

标签：http   技术   blog   directory   img   amp   vol   ges   tor   

A friend of mine she asked me how to check all timestamps of a file on an NTFS volume. She did not have EnCase or FTK in hand. So I gave her FTK Imager and  showed her the creation time, access time and modified time of a file. All she need to do is to take a look at properties of file.

Where is the entry modified time(or record date)? Here you are. Don‘t forget the timestamps in FTK Imager is UTC, not local time!!! 

Second I showed her another option - Winhex. Check Options->Directory Browser to make sure all four timestamps will show up in file lists. Now she could see all four timestamps in local time format in file lists.

How to check all timestamps of a file

标签：http   技术   blog   directory   img   amp   vol   ges   tor   

原文地址：http://www.cnblogs.com/pieces0310/p/6280086.html