Are you logged in?
If you WANT to do that (forward or back) it's easy.
Best course of action would be to consult someone in the field of computer forensics.
It can in a specific instance. However, it would be fairly hard to change all copies as they exist in archived accounts around the world.
If this is some type of corporate archive then subpoena the entire system. Do so suddenly and don’t give them time to go and change the whole thing. At some point there should be a duplicate day.
Also, a good EE guy can look at the system headers and see when a record was modified. If it was modified after being created, it is not an archival product. There should be a change log in the system. At least this is possible with library systems and accounting software.
Quick answer: Yes. As easily as resetting the system clock and not connecting to the NIST/NTP server(s) online and then modifying the files.
Solution? Search for an independent source to compare the website files to. Definite answer; a computer forensic examination can exactly determine when a particular file was written to the drive by comparing allocated sectors with nearby ones and following which ones were written before and after nearby and contiguous sectors.
Not cheap, but will definitely answer the question.
If a public archiver like Wayback differs from what someone else is claiming by nothing but themselves, credibility would probably go to Wayback.
File creation/modification dates are extremely easy to modify ex post facto. Several tools to do this. It’s one of the techniques viruses use to cover their tracks, namely clever viruses don’t let you find suspicious files based on creation/modification dates relative to when you know the virus first appeared.
Sure, just change the date on the computer. Then save the file. It will be tagged with the time and date on the computer—unless you have the clock automatically set.
It is a good idea to print or download evidence from the Wayback Machine or other public archives, in case it gets scrubbed.
A website is just a publicly viewable computer file, stored on a computer. You can fake file dates just as you can with files on a home computer.
You can check for anachronisms. For example, a file in Word 2010 format with a 1999 file date, or an “old” file that contains a new font.
There can be metadata in a file that the user is not aware of. And that could give them away.
Depending on the website being faked, there could be a lot of backend software that could introduce clues (database files, PHP versions, etc.)
Pretty much anything can be changed.
For example, I’m a photojournalist and one tool I regularly use can change every bit of metadata in photos, from date and time to the camera used and GPS coordinates. Now, I don’t change the data, but I often strip it all out, which is essentially changing all the values to zero.
There are steps that can be taken to ensure files are unchanged — checksums and the like. ...but that really needs to be done as an active thing and can’t really be done ex post facto except to compare a known older file and a current copy. For example, you can compare the submitted version of a file with one extracted from an old backup tape.
...but all this is best left in the hands of competent forensic specialists rather than internet pajamahadin.
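The comparison described in the post above (a known older copy against the current copy, by checksum rather than by file date), as an added example that is not part of the original thread. The function names, file names and sample page content are constructed for illustration; the baseline manifest is assumed to be kept somewhere the site owner cannot alter, such as an old backup or a third-party archive.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root to its SHA-256 digest and modification time."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = {
                "sha256": hashlib.sha256(p.read_bytes()).hexdigest(),
                "mtime": int(p.stat().st_mtime),
            }
    return manifest

def compare(baseline, current):
    """List differences between an older manifest and a current one."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            findings.append((name, "added since baseline"))
        elif new is None:
            findings.append((name, "missing since baseline"))
        elif old["sha256"] != new["sha256"]:
            # The file date cannot be trusted; the digest shows the edit anyway.
            if new["mtime"] <= old["mtime"]:
                findings.append((name, "content changed, timestamp not advanced"))
            else:
                findings.append((name, "content changed"))
    return findings

def demo():
    """Constructed scenario: a page is edited and its date set back afterwards."""
    with tempfile.TemporaryDirectory() as d:
        page = Path(d, "index.html")
        page.write_text("<p>original text</p>")
        os.utime(page, (946684800, 946684800))  # constructed date: 2000-01-01 UTC
        baseline = snapshot(d)                  # the "known older copy"
        page.write_text("<p>revised text</p>")
        os.utime(page, (946684800, 946684800))  # file date made to look untouched
        Path(d, "new.html").write_text("<p>new</p>")
        return compare(baseline, snapshot(d))

if __name__ == "__main__":
    for name, verdict in demo():
        print(f"{name}: {verdict}")
```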
If it’s a file you can change anything. Especially a text file. But others as well. Even live in-memory stuff. We used to edit the CICS region while it was running, in extreme cases. The editor was called OMEGAMON. Not for the faint-hearted. If you wanted to change a table entry without an IPL. You can change anything that’s digital.
From a wiki description:
When OMEGAMON was released by Candle in 1977, it was recognized as the first MVS* real-time monitor. It also provided the system programmers with tools to immediately perform common tasks that normally required the MVS OS to be IPLed.
This is very vague. Please give more details.
What you really want to do is go after the backup tapes (plural). Since you mentioned a website, I assume they are backing up offsite. Get after them as they will back up the attributes of files (creation, updates, deletions, etc.). Depending on the OS, it may show far, far more such as who had access, extended attributes and depending on the backup type who accessed the files last.
But without more info on “who” the opponent is (i.e., what kind of files and from where), it is hard to answer. For all we know, it was a virtual machine in Amazon’s cloud that has been deleted once and recreated with ACLs reset across the board.
Yes, simply change the clock time of your computer going back as much as needed. Then copy original files to new names. Finally copy from new names to original file names. Original files will be stamped with the date you had set on the computer.
But a much easier method is to acquire software which can alter dates directly.
It IS possible to change the file date. I don’t know if there is a way to tell that it has been changed though.
Does your “opponent” have [or did he have at any time] unrestricted physical access to the computers on which these files were stored?
Yes and no...
It is easy to ‘touch’ a file, changing the creation/modified date. Some types of files also contain metadata (internal, invisible tracking of editing), which could expose such a fraud. Most methods of touching a file would not alter said metadata. But it is also easy to wipe or alter metadata, if a file does contain it. There can also be change logs in the OS the files were modified on, or on the internet server they were uploaded to. However, these too are easy to change/wipe, providing one has access and authority. One can also determine how the file was saved to the drive. But this too is easy to fix, by defragging the drive and MFT, and wiping free space.
What you are trying to do is catch somebody who doesn’t know how to change these things... If it is professional IT with full control, you are probably boned.
One way or another, you need a lawyer and a forensic computer specialist to find out. Lots of bucks to chase this bet... Better be worth it.
My company does computer forensics. Yes, it can be faked, BUT it takes an expert. A website isn’t good proof as it’s so easy to change. If you have proof that it wasn’t there it’s probably better than anything he has.
Hiring experts to prove or disprove is expensive.