ShellSpells
  • 🧙‍♂️Welcome!
    • ShellSpells
    • FAQs
    • License & Disclaimer
  • 🐧Linux
    • System Ops
      • Transcripts
      • Help
      • System Info
        • Date/Time
        • System Details
        • Patches & Updates
        • Init System Identification
        • Hostname / Host ID
        • Variables
        • Hardware & Resources
      • Filesystem
        • Traverse & Enumerate
        • Drives & Partitions
        • Shares
        • Packages
        • Connected Devices
        • Kernel Modules (Drivers)
      • Users & Groups
        • Enumerate
        • Modify
      • Network
        • Enumerate
        • Modify
      • Scheduled Jobs
        • Enumerate
        • Modify
      • Processes
        • Enumerate
        • Modify
        • Custom Script and Shared Object
        • Process I/O Redirection
      • Services
        • Enumerate
        • Modify
        • Create a Service
      • Startup/Boot Scripts
        • Enumerate
        • Modify
      • Security
        • Antivirus
        • Firewall
        • SSH Keys
      • History & Logs
        • History
        • Logs
    • File Ops
      • Search
        • Filename
        • Content
        • Users (Owners)
        • Time
        • Size
        • Permission
        • Hidden Files
        • Inode
        • Find + Exec
        • Notes
      • Enumerate Metadata
      • Modify Metadata
      • Read Content
      • Modify Content
      • Extract Content
      • Sort / Compare / Count
      • Move
      • Copy
      • Execute
      • Hash
      • Encode/Decode
      • Compress/Decompress
      • Working With Weird Filenames
    • Terminal Ops
      • Keyboard Shortcuts
      • Tmux Shortcuts
  • 🪟Windows
    • System Ops
      • Transcripts
      • Help
      • System Info
        • One-liners
        • Date/Time
        • System Details
        • Hotfixes
        • Domain or Workgroup
        • Data Execution Prevention
        • Variables
        • Hardware & Resources
      • Filesystem
        • Traverse & Enumerate
        • Drives & Partitions
        • Installed Software
        • Drivers
        • Shares
      • Registry
        • Enumerate
        • Modify
        • Forensically Relevant Keys
      • Users & Groups
        • Enumerate
        • Modify
      • Network
        • Enumerate
        • Modify
      • Scheduled Tasks
      • Processes
        • Enumerate
        • Modify
      • Services
        • Enumerate
        • Modify
      • Autorun / Startup
        • Enumerate
        • Modify
      • Security
        • Permissions
          • Enumerate
          • Page
        • Antivirus
        • Firewall
          • Enumerate
          • Modify
        • Audit Policies
        • Remoting
          • Enumerate
          • Modify
          • Registry Locations
        • Stored Credentials
      • Remote Command Execution
      • Active Directory
        • Enumerate
        • Modify
      • History & Logs
        • History
        • Logs
      • PowerShell Config
      • Scripting
      • WMIC Notes
    • File Ops
      • Search
        • Filename
        • Time
        • Size
        • Permissions
        • Attributes
        • Wildcarding
      • Enumerate Metadata
        • One Liners
        • Users (Owners)
        • Timestamps
        • Size
        • Permissions
        • Attributes
      • Modify Metadata
        • Change Owner
        • Timestamps
        • Size
        • Attributes
      • Read Content
      • Modify Content
        • Overwrite
        • Insert
        • Append
        • Replace / Remove
        • Convert Case
        • Alternate Data Streams
      • Extract Content
      • Sort / Compare / Count
        • Sort
        • Count
        • Compare
      • Move
      • Copy
      • Execute
      • Hash
      • Encode/Decode
      • Compress/Decompress
      • Working With Weird Filenames
      • Output Formatting / Filtering
      • File Formatting
      • Operators
  • ⛓️Network
    • Traffic Manipulation
      • iptables
        • Option List
        • General Commands
        • Filter Tables
        • NAT
        • Mangle
        • Filter for SSH Traffic (Example)
      • nftables
    • Packet Capture
      • Syntax
      • TCPDump Examples
    • Packet Analysis
      • Wireshark
  • 🚗Maneuver
    • SSH
    • Control Sockets
    • RDP
    • Windows Port Proxy
  • 🛩️Data Transfer
    • SCP
    • FTP
    • Netcat
      • Netcat Relays
    • Server Interactions
    • Alternate Methods
  • 🪄REGEX
    • Examples
Powered by GitBook
On this page
  • Commands
  • Timestamp Updates
  • Create Time
  • Modify Time
  • Access Time
  • Entry Modify Time
  • How File Actions Effect Timestamps
  • Enable/Disable Last Access Update Time

Was this helpful?

  1. Windows
  2. File Ops
  3. Modify Metadata

Timestamps

Commands

(Get-Item <file>).CreationTime = 'YYYY-MM-DD HH:MM:SS'

Creation

(Get-Item <file>).LastAccessTime = 'YYYY-MM-DD HH:MM:SS'

Last Access

(Get-Item <file>).LastWriteTime = 'YYYY-MM-DD HH:MM:SS'

Last Modified

Timestamp Updates

Create Time

The create timestamp is updated anytime a file or directory is created from scratch or a copy is made.

Modify Time

The modification timestamp is updated anytime a file or directory is changed.

Access Time

The access timestamp is updated anytime the contents (including metadata) of a file or directory is touched to perform an action.

Entry Modify Time

The entry modified timestamp refers to the time when the Master File Table (MFT) entry itself was modified.

How File Actions Effect Timestamps

Creating a folder updates the - Modified, Access and Create Times (for the folder)

Creating a file updates the - Modified, Access and Creat Times (for the file)

Creating a file within a folder updates the - Modified and Access Times (for the folder)

Modifying a file updates the - Modified and Access Times (for the file)

Modifying a file updates the - Modified and Access Times (for the folder)

Moving a file into a folder/directory updates the - Modified and Access Times (for the folder/dir)

Moving a file into a folder/directory updates the - Access Time (for the file)

Copying a file into a folder/directory updates the - Access Time (for the directory the file was copied FROM)

Copying a file into a folder/directory updates the - Modified and Access Time (for the directory the file was copied TO)

The difference between a copy and move is that a COPY will create a new file at the destination and results in multiple files and a MOVE will create a new file at the destination and then erases the original file from its location by updating the Master File Table (MFT) to point to the new location.

The default action when a Drag and Drop function is performed within the same partition is a MOVE and when performed on a different partition is a COPY.

Enable/Disable Last Access Update Time

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate

-> value of 1 means disabled (default in Vista+)

-> value of 0 means enabled (default in XP and earlier -if the key exists)

PreviousChange OwnerNextSize

Last updated 1 year ago

Was this helpful?

🪟