Posted on 04/29/2015 8:15:40 PM PDT by grumpygresh
Are you logged in?
Interesting. Could you determine if such a program had been used to make the modifications?
If you WANT to do that (forward or back) it's easy.
Right off the bat?
If the record is checksummed and never meant to be modified, then no, not realistically, but given enough time and money, who knows.
Just be suspicious of anything digitized. Hackers forge forgeries of forgeries.
I know that the guys I am dealing with have their clocks set correctly. But, I have reason to believe that someone in their organization changed their file dates to avoid losing money or keep their job.
Best course of action would be to consult someone in the field of computer forensics.
It can in a specific instance. However, it would be fairly hard to change all copies as they exist in archived accounts around the world.
If this is some type of corporate archive then subpoena the entire system. Do so suddenly and don’t give them time to go and change the whole thing. At some point there should be a duplicate day.
Also, a good EE guy can look at the system headers and see when a record was modified. If it was modified after being created, it is not an archival product. There should be a change log in the system. At least this is possible with library systems and accounting software.
Quick answer: Yes. As easily as resetting the system clock and not connecting to the NIST/NTP server(s) online and then modifying the files.
Solution? Search for an independent source to compare the website files to. Definite answer; a computer forensic examination can exactly determine when a particular file was written to the drive by comparing allocated sectors with nearby ones and following which ones were written before and after nearby and contiguous sectors.
Not cheap, but will definitely answer the question.
If a public archiver like Wayback differs from what someone else is claiming by nothing but themselves, credibility would probably go to Wayback.
There are several dates in the metadata of the file. You would probably want to check them all. You might catch an anomaly.
I’m not ready to reveal the opponent yet, but I probably will later when I get more info. I do have a lawyer, and will likely get a computer forensics expert when I get more “evidence” to review.
Suing, or getting sued?
File creation/modification dates are extremely easy to modify ex post facto. Several tools to do this. It’s one of the techniques viruses use to cover their tracks, namely clever viruses don’t let you find suspicious files based on creation/modification dates relative to when you know the virus first appeared.
Sure, just change the date on the computer. Then save the file. It will be tagged with the time and date on the computer—unless you have the clock automatically set.
It is a good idea to print or download evidence from the Wayback Machine or other public archives, in case it gets scrubbed.
A website is just a publicly viewable computer file, stored on a computer. You can fake file dates just as you can with files on a home computer.
You can check for anachronisms. For example, a file in Word 2010 format with a 1999 file date, or an “old” file that contains a new font.
There can be metadata in a file that the user is not aware of. And that could give them away.
Depending on the website being faked, there could be a lot of backend software that could introduce clues (database files, PHP versions, etc.)
Would the changes leave a trail?
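Several replies above suggest checking every date in a file's metadata and looking for anachronisms. The sketch below is an added example, not code from any poster in this thread: it compares a claimed filesystem modification time with the dates stored inside a Word .docx package (a zip archive whose `docProps/core.xml` holds created/modified timestamps). The function names, the one-day slack and the sample document are assumptions constructed for illustration.

```python
import io, zipfile, datetime as dt
import xml.etree.ElementTree as ET

NS = {"dcterms": "http://purl.org/dc/terms/"}
UTC = dt.timezone.utc

def embedded_dates(docx_bytes):
    """Timestamps stored inside the file: core.xml created/modified, newest zip entry."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("docProps/core.xml"))
        out = {}
        for tag in ("created", "modified"):
            el = root.find(f"dcterms:{tag}", NS)
            if el is not None and el.text:
                out[tag] = dt.datetime.fromisoformat(el.text.replace("Z", "+00:00"))
        # Zip entry times carry no timezone; treated as UTC here (assumption).
        out["zip_newest"] = max(dt.datetime(*i.date_time, tzinfo=UTC) for i in z.infolist())
    return out

def anomalies(fs_mtime, docx_bytes, slack=dt.timedelta(days=1)):
    """List contradictions between the claimed filesystem mtime and embedded dates."""
    dates = embedded_dates(docx_bytes)
    found = [f"{name} {when:%Y-%m-%d} is later than filesystem mtime {fs_mtime:%Y-%m-%d}"
             for name, when in dates.items() if when - fs_mtime > slack]
    if "created" in dates and "modified" in dates and dates["created"] > dates["modified"]:
        found.append("embedded created date is after embedded modified date")
    return found

def make_sample(created, modified, zip_time):
    """Build a constructed, minimal .docx-like package (not a real document)."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/'
            'metadata/core-properties" xmlns:dcterms="http://purl.org/dc/terms/">'
            f'<dcterms:created>{created}</dcterms:created>'
            f'<dcterms:modified>{modified}</dcterms:modified></cp:coreProperties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(zipfile.ZipInfo("docProps/core.xml", date_time=zip_time), core)
    return buf.getvalue()

if __name__ == "__main__":
    sample = make_sample("2015-03-02T10:00:00Z", "2015-04-20T09:30:00Z", (2015, 4, 20, 9, 30, 0))
    claimed = dt.datetime(2014, 11, 1, tzinfo=UTC)  # constructed "backdated" file date
    for line in anomalies(claimed, sample):
        print("ANOMALY:", line)
```

On a real file, the claimed time would come from `os.stat(path).st_mtime`. A clean result does not prove the dates are genuine, since embedded metadata can be edited too; a contradiction is a lead for a forensic examiner, not a verdict.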