|
|
|
|
|
|
by kbenson
3230 days ago
|
|
|
It's very easy to copy files preserving timestamps, in which case the timestamps would not represent the time to copy the files during the break in, but the time to copy them to the medium they were stolen from. Did anyone bother to check whether the files were created on that system, or copied originally from some USB disk? Or even copied to the server from some workstation across a gig network but that workstation was copying directly from a plugged in USB drive? There are so many ways to have timestamps originally sourced from USB type transfer speeds in the chain of file management at some point that this is ridiculous. |
|
|