Skip main navigation

File dates and times

Article detailing how malware can blend into your computer system by changing file date and times.
© PA Knowledge Ltd | 7Safe Training

File dates and times

Dates and times can be altered to blend malware into its surroundings. Malware may change its dates and times so that it will appear consistent with the dates and times of other (legitimate) files within a given directory or directories.

Note dates and times relating to a file is metadata stored on the file system it resides. Dates and times relating to a file can also be identified within certain file types, such as an MS Office file or an executable file for example.

The dates and times available to a Windows user from the NT File System are called:

• Date Created

• Date Last Written

• Date Last Accessed

Top Tip: Any file with an identical creation date and time (including identical microseconds) should be treated as suspicious until it can be verified.

Other dates and times available to a user from differing file types include:

• Date Acquired

• Date Archived

• Date Completed

• Date Last Saved

• Date Received

• Date Released

• Date Sent

• Date Taken

• Date Visited

File dates and times are taken from the computer clock that processed the file. Remember file dates and in particular file times are relative and care should be taken when interpreting relevance.

Additional information…

The NT File System actually stores 8 metadata fields relating to dates and times for a given file with only 3 of these fields (as detailed above) being made available to a user via the operating system.

Interestingly the last accessed date and time has been disabled in Windows since the introduction of Windows Vista and that was officially introduced in November 2006!

© PA Knowledge Ltd | 7Safe Training
This article is from the free online

Introduction to Digital Forensics: Malware Analysis and Investigations

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education