Encase reports these dates in the following manner as below:-
Windows "File Created" = EnCase “File Created”
Windows "File Modified" = Encase “Last Written”
Windows "File Accessed" = EnCase “Last Accessed”
Windows "MTF last written" = Encase “Entry Modified”
Windows "INFO2 file deleted date/time" = Encase "File Deleted"
Source URL:
http://whereismydata.wordpress.com/2009/04/10/forensics-what-does-entry-modified-mean-in-encase/
http://whereismydata.wordpress.com/2009/02/14/dates-ntfs-created-modified-accessed-written/
https://whereismydata.wordpress.com/tag/entry-modified/
No comments:
Post a Comment