Ubuntu Forensics.
1.
ubuntu@ubuntu:~$ dd if=/dev/sr0 bs=1 skip=33581 count=17 | hexdump -C
17+0 records in
17+0 records out
17 bytes copied, 0.000374982 s, 45.3 kB/s
00000000  32 30 31 36 30 34 32 30  32 32 33 32 32 31 30 30  |2016042022322100|
00000010  00                                                |.|
00000011
ubuntu@ubuntu:~$
The date when the DVD was created is 20160420,
i.e. 04-20-2016 or April 20, 2016.
2.
ubuntu@ubuntu:~$ lsblk
NAME  MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0    11:0    1 1.4G  0 rom  /cdrom
loop0   7:0    0 1.4G  1 loop /rofs
sr0 is the DVD Name/Number.
SOURCE.
It's straightforward to tamper with this date. All that's required is
changing the computer's date before creating the image.
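
The 17 bytes read in step 1 are the ISO 9660 volume creation timestamp: 16 ASCII digits (YYYYMMDDHHMMSS plus hundredths of a second) followed by a signed timezone byte in 15-minute steps. The following is an added example, not part of the original post, that decodes that field and its three sibling timestamps; it assumes the primary volume descriptor is at sector 16, and the helper names and the sample image are constructed for illustration.

```python
import datetime as dt
import struct

SECTOR = 2048
PVD_OFFSET = 16 * SECTOR  # 32768; 32768 + 813 = 33581, the dd skip value above
# Offsets of the four 17-byte timestamps inside the primary volume descriptor.
DATE_FIELDS = {"creation": 813, "modification": 830,
               "expiration": 847, "effective": 864}


def decode_timestamp(raw: bytes):
    """Decode one 17-byte field; return None when the field is unset."""
    if len(raw) != 17:
        raise ValueError("timestamp field must be 17 bytes")
    digits = raw[:16].decode("ascii")
    tz_quarters = struct.unpack("b", raw[16:])[0]  # signed, 15-minute units
    if digits == "0" * 16:
        return None  # all-zero digits mean "not specified"
    if not digits.isdigit():
        raise ValueError("timestamp digits are not ASCII 0-9")
    tz = dt.timezone(dt.timedelta(minutes=15 * tz_quarters))
    return dt.datetime(int(digits[0:4]), int(digits[4:6]), int(digits[6:8]),
                       int(digits[8:10]), int(digits[10:12]),
                       int(digits[12:14]),
                       int(digits[14:16]) * 10000,  # hundredths -> microseconds
                       tzinfo=tz)


def pvd_dates(image: bytes):
    """Return the four descriptor timestamps from raw image bytes."""
    pvd = image[PVD_OFFSET:PVD_OFFSET + SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no primary volume descriptor at sector 16")
    return {name: decode_timestamp(pvd[off:off + 17])
            for name, off in DATE_FIELDS.items()}


def build_sample_image() -> bytes:
    """Constructed sample: empty system area plus a minimal descriptor."""
    pvd = bytearray(SECTOR)
    pvd[0] = 1                      # descriptor type 1 = primary
    pvd[1:6] = b"CD001"             # standard identifier
    for off in DATE_FIELDS.values():
        pvd[off:off + 17] = b"0" * 16 + b"\x00"   # unset timestamps
    pvd[813:830] = b"2016042022322100" + b"\x00"  # bytes from the hexdump above
    return bytes(PVD_OFFSET) + bytes(pvd)


if __name__ == "__main__":
    for name, value in pvd_dates(build_sample_image()).items():
        print(f"{name:13s} {value}")
```

On a real disc, pass the first 34816 bytes of /dev/sr0 to pvd_dates(); every value it returns is whatever the authoring tool wrote, so these fields are a claim about the creation time rather than proof of it.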