SleuthSayer
New Member
- Joined
- Aug 7, 2008
- Messages
- 374
- Reaction score
- 0
Header attached.still not sure what the columns represent. But since the first column has 2012 timestamps, I'm wondering if the second is the Unix time associated with determining the experiation time (or whatever that first column is).
"Unix time" (or more appropriately described now as POSIX Time) is not a classification of timestamps. It is a statement of what format the timestamp is in. They are all POSIX times.
BTW, there are many timestamps in my TIF files that look probably invalid. E.g., dates in the late 80's and early 90's. I only picked the obviously invalid ones.
BTW2, in my research, I found nothing that indicated that all 8 timestamps being identical is suspicious. There are many sites that tell you what to look for as indicators of intrusion. None of them mentioned identical timestamps.
In fact p. 235 of this document says:
To summarize, when a file is created from scratch, all $STANDARD_INFORMATION and $FILE_NAME values are set to the current time.
The .bmp files are created from scratch (unless they already exist). So, it seems like you should expect them to have identical times unless something happens to cause the browser to have to go open/read them again, hence updating the access time.
But, I'd strong encourage you to do your own research. You're not going to believe mine anyway. Or, stick to believing the "experts", their accuracy has been great so far. :crazy: