Home page logo

basics logo Security Basics mailing list archives

RE: Checking when the OS was first installed
From: <Salvador.Manaois () infineon com>
Date: Wed, 1 Jun 2005 09:51:49 +0800

A malicious hacker could easily "touch" these system files to change
their timestamps. If the computer is a member of the domain, there is
information on the computer account's oject properties that describes
when the computer account was created (either pre-created by an
administrator prior to the actual installation, or was created during
the actual installation of OS on the computer itself). 


rants: http://www.rancidroot.blogspot.com

-----Original Message-----
From: Hostas.lt [mailto:klientai () hostas lt] 
Sent: Tuesday, May 31, 2005 9:24 PM
To: security-basics () securityfocus com
Subject: Re: Checking when the OS was first installed

On 2005-05-29 Lubrano di Ciccone, Christophe (DEF) wrote:
The date of the boot.ini file or the winnt folder (%systemroot%) may 
help you.

Maybe, but since it's the configuration file for the bootloader, it is

prone to changes, so this seems very unreliable to me.

Ansgar Wiechers
"All vulnerabilities deserve a public fear period prior to patches 
becoming available." --Jason Coombs on Bugtraq

There are system.sav and software.sav files in Windows\System32\Config 
which are
dated the system installation time.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]