| layout | title | date | last_updated | description | tags | categories | featured |
|---|---|---|---|---|---|---|---|
post |
FFS Extraction MAC Timestamps |
2024-12-01 23:00:10 -0800 |
2024-12-01 23:00:10 -0800 |
get all timestamps |
forensic timestamps |
forensic |
false |
draft
A very helpful article to get MAC timestamps of FFS Extractions
"Full File System extractions in Zip - MAC times How do zip files generated by extraction tools used in digital forensics manage file timestamps?"
full-file-system-extractions-in-zip-mac.html
"In order to validate the MAC times on these particular FFS extractions one can use the following python script: extract_timestamps.py Script location: https://github.com/abrignoni/Misc-Scripts/ The script needs the path to the FFS extraction and the path internal to the zip for the file which you would like to see the associated MAC times."