RE: Checking when the OS was first installed
From: <Salvador.Manaois () infineon com>
Date: Wed, 1 Jun 2005 09:51:49 +0800
A malicious hacker could easily "touch" these system files to change
their timestamps. If the computer is a member of the domain, there is
information on the computer account's object properties that describes
when the computer account was created (either pre-created by an
administrator prior to the actual installation, or was created during
the actual installation of the OS on the computer itself).
From: Hostas.lt [mailto:klientai () hostas lt]
Sent: Tuesday, May 31, 2005 9:24 PM
To: security-basics () securityfocus com
Subject: Re: Checking when the OS was first installed
On 2005-05-29 Lubrano di Ciccone, Christophe (DEF) wrote:
The date of the boot.ini file or the winnt folder (%systemroot%) may
Maybe, but since it's the configuration file for the bootloader, it is
prone to changes, so this seems very unreliable to me.
"All vulnerabilities deserve a public fear period prior to patches
becoming available." --Jason Coombs on Bugtraq
There are system.sav and software.sav files in Windows\System32\Config
dated the system installation time.
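
The cross-check the thread points toward, as an added PowerShell example that is not part of the original messages: it reads the timestamps of the files and folder named above and compares them with the computer account's `whenCreated` attribute in the directory. It assumes a domain-joined host whose account `name` matches `$env:COMPUTERNAME`; the 7-day tolerance and the output property names are illustrative choices.

```powershell
# Added example, not from the thread. Tolerance and property names are assumptions.
param([int]$ToleranceDays = 7)   # assumed threshold for flagging a mismatch

$root  = $env:SystemRoot
$paths = @(
    $root                                            # winnt / %systemroot% folder
    (Join-Path $env:SystemDrive 'boot.ini')          # absent on systems without boot.ini
    (Join-Path $root 'System32\Config\system.sav')
    (Join-Path $root 'System32\Config\software.sav')
)

# Computer account creation time from the directory (whenCreated is stored in UTC).
$adCreated = $null
try {
    $searcher = [adsisearcher]"(&(objectCategory=computer)(name=$env:COMPUTERNAME))"
    [void]$searcher.PropertiesToLoad.Add('whenCreated')
    $hit = $searcher.FindOne()
    if ($hit) {
        $adCreated = [datetime]::SpecifyKind($hit.Properties['whencreated'][0], 'Utc')
    }
} catch {
    Write-Warning "Directory lookup failed: $($_.Exception.Message)"
}

foreach ($p in $paths) {
    # -Force is needed because boot.ini is hidden and marked as a system file.
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if (-not $item) { continue }

    # Days between the on-disk creation time and the account creation time.
    $delta = if ($adCreated) { ($item.CreationTimeUtc - $adCreated).TotalDays }

    [pscustomobject]@{
        Source       = $p
        CreatedUtc   = $item.CreationTimeUtc
        LastWriteUtc = $item.LastWriteTimeUtc
        AdCreatedUtc = $adCreated
        DeltaDays    = if ($null -ne $delta) { [math]::Round($delta, 1) }
        Disagrees    = ($null -ne $delta) -and ([math]::Abs($delta) -gt $ToleranceDays)
    }
}
```

A flagged row is a lead rather than proof: as the reply notes, the account may have been pre-created by an administrator before the installation, so a gap can be legitimate.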