Post 302896132 by docflied on Friday 4th of April 2014 01:51:47 PM
UNIX files timestamping - Need experts opinion as testimonial

Hi
I am requesting your help to obtain opinions and testimonials in order to be able to make my own opinion since I am definitely not a unix expert.

Say we have a UNIX server.
On this server there is a specific directory, let us call it "DIR".
A security incident has been reported related to this server.
An expert in forensics analyzed it and wrote this (modified a bit for confidentiality reasons):

Files : File1 to File14
"The above files were known to have been present in the directory. File system timestamps indicate that they were last accessed around HH:MM on D Month Year and deleted around HH:MM on D Month Year. Investigators have attempted carving these files from free space on the system to determine their contents, however the files were unrecoverable. Some of these files may have been present for legitimate purposes."

Files : File15 to File20
"Due to the files' metadata having been overwritten, the initial date of their presence and their deletion date are unknown."

Since all files (File1 to File20) are supposed to have been present in the same directory (DIR), is it possible to succeed in identifying the access and deletion timestamps of only a subset? Also, File1 to File14 are assumed to be created and deleted earlier than File15 to File20 (a few months to several years for some files).

Please give me your opinion only if you master the unix file system and how file timestamps are managed.
The more the better.

Anyway, thank you very much for your time and help.
 

VFS_RECYCLE(8)              System Administration tools              VFS_RECYCLE(8)

NAME
       vfs_recycle - Samba VFS recycle bin

SYNOPSIS
       vfs objects = recycle

DESCRIPTION
       This VFS module is part of the samba(7) suite.

       The vfs_recycle intercepts file deletion requests and moves the affected
       files to a temporary repository rather than deleting them immediately.
       This gives the same effect as the Recycle Bin on Windows computers.

       The Recycle Bin will not appear in Windows Explorer views of the network
       file system (share) nor on any mapped drive. Instead, a directory called
       .recycle will be automatically created when the first file is deleted and
       recycle:repository is not configured. If recycle:repository is
       configured, the name of the created directory depends on
       recycle:repository. Users can recover files from the recycle bin. If the
       recycle:keeptree option has been specified, deleted files will be found
       in a path identical with that from which the file was deleted.

       This module is stackable.

OPTIONS
       recycle:repository = PATH
           Path of the directory where deleted files should be moved.

           If this option is not set, the default path .recycle is used.

       recycle:directory_mode = MODE
           Set MODE to the octal mode the recycle repository should be created
           with. The recycle repository will be created when first file is
           deleted. If recycle:subdir_mode is not set, MODE also applies to
           subdirectories.

           If this option is not set, the default mode 0700 is used.

       recycle:subdir_mode = MODE
           Set MODE to the octal mode with which sub directories of the recycle
           repository should be created.

           If this option is not set, subdirectories will be created with the
           mode from recycle:directory_mode.

       recycle:keeptree = BOOL
           Specifies whether the directory structure should be preserved or
           whether the files in a directory that is being deleted should be
           kept separately in the repository.

       recycle:versions = BOOL
           If this option is True, two files with the same name that are
           deleted will both be kept in the repository. Newer deleted versions
           of a file will be called "Copy #x of filename".

       recycle:touch = BOOL
           Specifies whether a file's access date should be updated when the
           file is moved to the repository.

       recycle:touch_mtime = BOOL
           Specifies whether a file's last modified date should be updated when
           the file is moved to the repository.

       recycle:minsize = BYTES
           Files that are smaller than the number of bytes specified by this
           parameter will not be put into the repository.

       recycle:maxsize = BYTES
           Files that are larger than the number of bytes specified by this
           parameter will not be put into the repository.

       recycle:exclude = LIST
           List of files that should not be put into the repository when
           deleted, but deleted in the normal way. Wildcards such as * and ?
           are supported.

       recycle:exclude_dir = LIST
           List of directories whose files should not be put into the
           repository when deleted, but deleted in the normal way. Wildcards
           such as * and ? are supported.

       recycle:noversions = LIST
           Specifies a list of paths (wildcards such as * and ? are supported)
           for which no versioning should be used. Only useful when
           recycle:versions is enabled.

EXAMPLES
       Move files "deleted" on share to /data/share/.recycle instead of
       deleting them:

               [share]
               path = /data/share
               vfs objects = recycle
               recycle:repository = .recycle
               recycle:keeptree = yes
               recycle:versions = yes

VERSION
       This man page is correct for version 3.0.25 of the Samba suite.

AUTHOR
       The original Samba software and related utilities were created by
       Andrew Tridgell. Samba is now developed by the Samba Team as an Open
       Source project similar to the way the Linux kernel is developed.

Samba 4.0                          06/17/2014                    VFS_RECYCLE(8)
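An added example, not part of the man page or the Samba project: a small auditor that resolves each share's effective recycle settings from the documented defaults and lists the shares where moving a file to the repository rewrites a timestamp. The sample configuration is constructed, the function names are hypothetical, the boolean options are assumed to be off when unset, and inheritance from [global] is not modelled.

```python
import configparser

# Defaults documented in vfs_recycle(8); booleans are treated as off when unset
# (assumption: the man page text above gives no default for them).
DEFAULT_REPOSITORY = ".recycle"
DEFAULT_DIRECTORY_MODE = "0700"

# Constructed sample; [share] is the man page example, the rest is made up.
SAMPLE_SMB_CONF = """
[global]
    workgroup = EXAMPLE
[share]
    path = /data/share
    vfs objects = recycle
    recycle:repository = .recycle
    recycle:keeptree = yes
    recycle:versions = yes
[projects]
    path = /data/projects
    vfs objects = full_audit recycle
    recycle:directory_mode = 0750
    recycle:touch = yes
[scratch]
    path = /data/scratch
"""

def effective_recycle_settings(smb_conf_text):
    """Map each section to its resolved recycle settings, or None if not loaded."""
    # '=' must be the only delimiter, otherwise 'recycle:touch' is split at ':'.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string("\n".join(line.strip() for line in smb_conf_text.splitlines()))
    resolved = {}
    for name in cp.sections():
        sec = cp[name]
        if "recycle" not in sec.get("vfs objects", "").split():
            resolved[name] = None  # recycle module not loaded for this section
            continue
        dir_mode = sec.get("recycle:directory_mode", DEFAULT_DIRECTORY_MODE)
        resolved[name] = {
            "repository": sec.get("recycle:repository", DEFAULT_REPOSITORY),
            "directory_mode": dir_mode,
            "subdir_mode": sec.get("recycle:subdir_mode", dir_mode),
            **{flag: sec.getboolean("recycle:" + flag, fallback=False)
               for flag in ("keeptree", "versions", "touch", "touch_mtime")},
        }
    return resolved

def timestamp_altering_shares(resolved):
    """List (share, field) pairs where the move to the repository rewrites a timestamp."""
    fields = {"touch": "atime", "touch_mtime": "mtime"}
    return [(name, fields[flag]) for name, s in resolved.items() if s
            for flag in fields if s[flag]]
```
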