Computer Forensics World :: View topic - clonetag January 2007
AH18
Newbie
Joined: Oct 14, 2016
Posts: 2

Posted: Sat Oct 15, 2016 12:28 pm    Post subject: clonetag January 2007

Dell Computer bought in February 2007. Maybe factory preinstalled Windows XP Media Center Edition. Clonetag in January of 2007. Admin account and one of the user accounts was not used very often. Both have shortcuts to C\sysprep, Winbom, winbom(2) as only shortcuts recents but can't be opened because the files are no longer on the computer. Recovery software found sysprep folders created Aug 15 2005, modified 2004 that had been deleted. Is there a scenario here that would leave those shortcuts in recents folder at factory install but create a clonetag of Jan 2007?

Thanks for the help!

cybercop
Newbie
Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA

Posted: Sun Oct 16, 2016 10:22 pm

Deleting a file does not delete shortcuts to that file. If the system was cloned after the files were deleted and they didn't delete shortcuts referencing those files, the cloned copy would contain those shortcuts. It would also be possible to change the date on the system and delete a file and have it show a different deletion date than the actual. There are many things that could create a situation like that. You would need to dig very deep to find the actual reason that the situation exists.
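
As an added illustration of the reply above (not part of the original posts): a shortcut (.LNK) file keeps its own copy of the target's created, accessed and modified times in its 76-byte header, so those values survive after the target is deleted and can be compared against the clone date. The function names and the sample header below are constructed for this example; the header layout follows Microsoft's MS-SHLLINK specification.

```python
import struct
from datetime import datetime, timedelta, timezone

# Fixed values from the Shell Link (.LNK) header layout in MS-SHLLINK.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HEADER_FMT = "<I16sIIQQQIIIHHII"   # 76 bytes, little-endian
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_dt(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> datetime, or None if unset."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10) if ft else None


def dt_to_filetime(dt):
    """Inverse conversion, used only to build the constructed sample."""
    delta = dt - EPOCH_1601
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def parse_lnk_header(data):
    """Return the target's timestamps and size as recorded inside the shortcut."""
    if len(data) < HEADER_SIZE:
        raise ValueError("truncated: shorter than the 76-byte header")
    (size, clsid, _flags, _attrs, ctime, atime, wtime,
     fsize, *_rest) = struct.unpack_from(HEADER_FMT, data)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a shell link header")
    return {
        "target_created": filetime_to_dt(ctime),
        "target_accessed": filetime_to_dt(atime),
        "target_modified": filetime_to_dt(wtime),
        "target_size": fsize,
    }


def build_sample_header():
    """Constructed sample header (not taken from any real evidence)."""
    created = dt_to_filetime(datetime(2005, 8, 15, 12, 0, tzinfo=timezone.utc))
    modified = dt_to_filetime(datetime(2004, 8, 4, 12, 0, tzinfo=timezone.utc))
    return struct.pack(HEADER_FMT, HEADER_SIZE, LINK_CLSID, 0, 0x20,
                       created, 0, modified, 4096, 0, 1, 0, 0, 0, 0)


if __name__ == "__main__":
    for field, value in parse_lnk_header(build_sample_header()).items():
        print(f"{field}: {value}")
```

For a real shortcut exported from an image, pass the first 76 bytes of the file to `parse_lnk_header`; the values are UTC and reflect the target as it was when the shortcut was last written, not the shortcut file's own file system timestamps.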

AH18
Newbie
Joined: Oct 14, 2016
Posts: 2

Posted: Tue Oct 18, 2016 4:34 am

Thanks for the response. If system restore is used in Windows XP, does it show up in Event Viewer or is that log reversed also? Any other signs of a system restore date on a computer? The restore would've been done a long while back.

cybercop
Newbie
Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA

Posted: Tue Oct 18, 2016 12:15 pm

Create a virtual machine and test. That is the best way to get the answers you are seeking.

All times are GMT + 10 Hours