Security Basics mailing list archives

Re: When the program was installed


From: "Adam Pal-Moldovan" <pal_adam () gmx net>
Date: Wed, 06 Jun 2007 18:44:03 +0200

I am not sure what you are looking for, since your problem doesn't really sound like a typical forensic problem, but you 
can boot it with a helix-cd, eventually extract it as an image, and use the following tools on it; in the output you should 
be able to see some details about the time:
ils
http://www.sleuthkit.org/sleuthkit/man/ils.html

fls
http://www.sleuthkit.org/sleuthkit/man/fls.html

I have to mention that I am not sure if that timestamp cannot be manipulated.
Did you also check it in win2k-right click properties?



Adam Pal



-------- Original Message --------
Date: Wed, 6 Jun 2007 04:14:54 -0700 (PDT)
From: Juan B <juanbabi () yahoo com>
To: security-basics () securityfocus com
Subject: When the program was installed

Hi All !

I am working with a win 2000 pro machine.
I need to do some basic forensics and know when a
particular program was installed, on which date and
hour (optional). The program is seen in the Add and
remove programs.

How can I know when it was installed?

Thanks a lot.

Juan
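
An added example, not part of the original posts: one way to read install-time evidence out of `fls` output, by collecting the creation times of everything under a program's directory. It assumes the body-file format of Sleuth Kit 3.x and later; the `ExampleApp` path, inode numbers and timestamps are constructed.

```python
from datetime import datetime, timezone

# Constructed sample in the Sleuth Kit 3.x+ body format, as written by
# `fls -r -m C:/ image.dd`. Fields:
# MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime (Unix seconds)
# "ExampleApp" and every value below are made up for illustration.
SAMPLE_BODY = """\
0|C:/Program Files/ExampleApp|5120-144-1|d/drwxrwxrwx|0|0|48|1181000000|1180000007|1180000007|1180000000
0|C:/Program Files/ExampleApp/app.exe|5121-128-3|r/rrwxrwxrwx|0|0|204800|1181000000|1170000000|1180000005|1180000005
0|C:/Program Files/ExampleApp/readme.txt|5122-128-3|r/rrwxrwxrwx|0|0|900|1180000007|1170000000|1180000007|1180000007
0|C:/Program Files/ExampleApp/old.tmp|5123-128-3|r/rrwxrwxrwx|0|0|0|0|0|0|0
0|C:/Program Files/ExampleApp2/other.dll|5200-128-3|r/rrwxrwxrwx|0|0|4096|1175000000|1175000000|1175000000|1175000000
0|C:/WINNT/system32/foo.dll|300-128-3|r/rrwxrwxrwx|0|0|4096|1100000000|1100000000|1100000000|1100000000
this line is not a body-file record
"""


def parse_body(text):
    """Yield (name, crtime) for each well-formed body-file line."""
    for line in text.splitlines():
        fields = line.split("|")
        if len(fields) != 11:
            continue  # skip headers, blank lines and damaged records
        try:
            yield fields[1], int(fields[10])
        except ValueError:
            continue  # non-numeric timestamp field


def creation_window(text, directory):
    """Return (earliest, latest, count) of creation times under directory."""
    root = directory.rstrip("/").lower()  # Windows paths are case-insensitive
    stamps = []
    for name, crtime in parse_body(text):
        path = name.lower()
        # Match the directory itself or its children, not "ExampleApp2".
        inside = path == root or path.startswith(root + "/")
        if inside and crtime > 0:  # 0 means no timestamp was recovered
            stamps.append(crtime)
    if not stamps:
        return None
    as_utc = lambda s: datetime.fromtimestamp(s, tz=timezone.utc)
    return as_utc(min(stamps)), as_utc(max(stamps)), len(stamps)


if __name__ == "__main__":
    print(creation_window(SAMPLE_BODY, "C:/Program Files/ExampleApp"))
```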


 