Re: How to change the datestamp of a Truecrypt container?

From: "nemo_outis" <abc@xxxxxxx>
Date: Sun, 31 May 2009 04:59:16 GMT

Dimona <mmm@xxxxxxx> wrote in news:gvs37k$as5$1@xxxxxxxxxxxxxxx:

I wish to create Truecrypt file, burn it to a CD and datestamp the file
as created in January 2072, this a good way to avoid legal problems if
anyone blackmails me into giving the password. It will be up to them to
prove that the file was recently created.

Besides changing the computer clock when creating the TC file, is there
some other way of doing this?

Thanks

(Even though you don't say so, I will assume a Windows environment for
the sake of concreteness.)

Yes, there are a zillion utilities out there which will change a file's
date/time stamp (for any file, including Truecrypt container files).

HOWEVER...

....there are a number of 'gotchas."

First of all, hardly anyone (except geeks like me and forensic
investigators) knows that Windows has not just 3 date/time stamps
(created, modified, last access) but four! (The fourth is the little-
known "Entry Modified" timestamp which applies to when the MFT entry
itself was modified!) Also the timestamps are contained in (at least)
two separate places in each MFT (the SIA and the FNA). Most Windows
"touch" utilities only change 3 of the 4 timestamps. One of the few
utilities that will change *all four* is "timestomp" from metasploit.
http://www.metasploit.com/research/projects/antiforensics/ [scroll down
the page until you find it]

But wait, there's more... (as they say in the late-night TV ads)

The registry also contains information about Truecrypt and registry
entires are themselves timestamped (very few programs show registry
timestamps but they're there!). Be sure to check the dates on any
Truecrypt driver files, etc. too.

In short, Windows leave little "fingerprints" all over the place (e.g.,
crap like "userassist" in the registry) and you must be very
knowledgeable to ensure that you haven't missed any.

Ain't life a bitch?

Regards,

.

Follow-Ups:
- Re: How to change the datestamp of a Truecrypt container?
  - From: nemo_outis

References:
- How to change the datestamp of a Truecrypt container?
  - From: Dimona

Prev by Date: Obama's Idea Of "Preventive Detention"
Next by Date: Re: How to change the datestamp of a Truecrypt container?
Previous by thread: How to change the datestamp of a Truecrypt container?
Next by thread: Re: How to change the datestamp of a Truecrypt container?
Index(es):
- Date
- Thread

Relevant Pages

NewestShareware.com Issue #89
... FileBoss for Windows ... Program Homepage/Download url ... In general users make a program execute at window startup by ... Adding programs to the Registry and WIN.INI file protects the program. ...
(comp.software.shareware.announce)
Re: Windows XP home login/off
... How to Perform an In-Place Upgrade of Windows XP ... Click on How To Run a Repair Install ... registry has worked the 5 or 6 times I have seen this problem. ... The script will stop and ask you to hit enter to continue to load SCSI ...
(microsoft.public.windowsxp.wmi)
RE: Networking and DOS attacks
... Windows has found 55 Critical System Errors... ... Install Repair Registry Pro. ... I have tracked all of these UDP port hits since 2001. ...
(Security-Basics)
Re: OT: Win 7 comments
... I had to edit the Registry. ... This is right up there with repairing permissions, ... That's odd, consider how some of you guys bring the same habits to Windows, ... I will wait for some apps to crash. ...
(comp.sys.mac.advocacy)
RE: Windows 2000 RRAS and ipSEC /L2TP VPN
... How to Configure a L2TP/IPSec Connection Using Pre-shared Key Authentication ... This article contains information about modifying the registry. ... , Windows 2000 is compliant with IKE RFC ...
(microsoft.public.win2000.networking)