Skip main navigation

File dates and times

Article detailing how malware can blend into your computer system by changing file date and times.
File dates and times

Dates and times can be altered to blend malware into its surroundings. Malware may change its dates and times so that it will appear consistent with the dates and times of other (legitimate) files within a given directory or directories.

Note dates and times relating to a file is metadata stored on the file system it resides. Dates and times relating to a file can also be identified within certain file types, such as an MS Office file or an executable file for example.

The dates and times available to a Windows user from the NT File System are called:

• Date Created

• Date Last Written

• Date Last Accessed

Top Tip: Any file with an identical creation date and time (including identical microseconds) should be treated as suspicious until it can be verified.

Other dates and times available to a user from differing file types include:

• Date Acquired

• Date Archived

• Date Completed

• Date Last Saved

• Date Received

• Date Released

• Date Sent

• Date Taken

• Date Visited

File dates and times are taken from the computer clock that processed the file. Remember file dates and in particular file times are relative and care should be taken when interpreting relevance.

Additional information…

The NT File System actually stores 8 metadata fields relating to dates and times for a given file with only 3 of these fields (as detailed above) being made available to a user via the operating system.

Interestingly the last accessed date and time has been disabled in Windows since the introduction of Windows Vista and that was officially introduced in November 2006!

© PA Knowledge Ltd | 7Safe Training
This article is from the free online

Introduction to Digital Forensics: Malware Analysis and Investigations

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now