00:04
Okay, So another thing to think about as you're doing you're contesting work is
00:09
in the interest of covering your tracks. And we're confusing a investigator. You want to be able to perhaps modify
00:17
the attributes of the files they leave behind,
00:22
whether they are files that information have been gathering or whether it is a
00:28
a part of your tool kit
00:29
that you're using to to interrogate the system.
00:33
So what I want to do first is go to
00:42
the folder where I have my files.
00:52
Second. See, I've got in particular. I'm interested in this file here. Tools down, yaks eat.
00:58
You notice it has a,
01:02
you know, day from a few days ago.
01:07
There's some other ah
01:08
files in the same directory and that you could try to use, um,
01:14
the Times Time Command.
01:19
This lets me modify a lot of this information so I can modify the last access time, modify the creation time, the last written file, the restaurant in time, which is a modification time. Basically, I could also try to copy
01:34
the attributes of a foul that already exists.
01:37
And I can even make these changes reclusive Lee. So if I wanted to change
01:42
an entire Philidor structure from from a certain top Flubber folder all the way down all the files inside there, I could do that. And I resent the dash B the blank option, which will definitely confuse a
01:57
investigator because you're looking at that information, not understanding. Why are these dates all wrong?
02:01
Why are these files not seem to match properly
02:08
so I can try to do We'll see if this works is, uh
02:14
I want to see if I can copy
02:16
the attributes from desktop dot Any?
02:23
Okay, uh, does it can't find that foul. I know what's in this directory.
02:34
Okay, there might be something
02:43
a little bit weird with this.
02:45
Okay, so that's not working, but that's that's fine. We can explore some of the other features.
02:50
One of the ones that one of the things I do want to see, though, is if I run Time Stone
02:57
with the file that I'm interested in
03:01
I can see that it was modified. I can see when it was accessed and created and so on. So it gives me some good information to work with.
03:09
If I'm not able, Thio, copy existing file. What I could do
03:16
either modify these parameters directly.
03:21
So that way I can kind of blend in this tools. Daddy, Actually, I could make it look like it was created
03:25
in 2014 or 2013 or something.
03:31
Ah, one. The other options is just to blank it out.
03:38
Now, if I review the changes that were made,
03:44
it just made the year 2106 used to be 2016. It was an accurate date before,
03:50
but now it's 2106 So if you're the investigator and you were looking at this, you'd be hard pressed to figure out exactly what happened. Although this is a little bit of a
03:59
a blunt method because it's it's changing, the file names her side of the file attributes in such a way that makes it obvious something strange is going on.
04:08
If you were to change this, to blend into a
04:12
existing time stamp from an older file
04:15
that would serve your purpose is better
