Tampering with hubby's computer

eric oyen eric.oyen at gmail.com
Mon Dec 23 22:13:51 MST 2013 

that is possible, but it also depends on how windows was setup. There is an option where windows will check a time server just after startup. This is buried fairly deep in the settings and can be a little difficult to find.

Also, windows (per NTFS journaling) will show the last access date and time (even if all you did was read the file only). In fact, a good computer forensics expert can tell exactly when the machine was started and even how long after that the user started doing things on the machine. THere is also the swap file (virtual memory) to consider. with the right program, one can tell what was in the memory of the machine just before last session shutdown (requires external OS running a package like Encase).

One last item, unless you take extreme measures to erase files, they will still exist and still be accessible (even after a delete).

-eric

On Dec 23, 2013, at 6:55 PM, Derek Trotter wrote:

> The woman in this story is charged with putting some fairly disgusting stuff on her husband's computer in an attempt to frame him.  Investigators checked out the computer and found the pictures were put on the computer at a time when her husband wasn't at home.
> 
> With linux is there a log that  is usually kept or that could be enabled that would log any changes in the system's date or time? Is there a way to tell if someone had gone into the bios, changed the date and then changed it back?  I have to wonder if this woman would have gotten away with it if she had changed the date before putting the pictures on the computer, then changing it back.
> 
> http://www.foxnews.com/us/2013/12/23/pennsylvania-woman-tried-to-frame-hubby-with-child-porn/?intcmp=latestnews
> 
> -- 
> "I get my copy of the daily paper, look at the obituaries page, and if I’m not there, I carry on as usual."
> 
> Patrick Moore
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

More information about the PLUG-discuss mailing list