System Time registry key

G

Gus Teng

if I want to know if the system time has been changed, when it has been
changed and how many time it has been changed, etc, where I can find the
registry that hold all these informations? Thanks.
 
D

Dave Patrick

Not stored in the registry. Or anywhere else AFAIK.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| if I want to know if the system time has been changed, when it has been
| changed and how many time it has been changed, etc, where I can find the
| registry that hold all these informations? Thanks.
|
|
 
G

Gus Teng

Hi Dave,
thanks. i saw in a TV reconstruction of a murder investigation in nz where
the husband tampered with the system time to show that the computer was used
during the murder to confuse the investigator. The computer forensic
examiner was able to show that the system time was changed and reset to the
correct time later(but never said how as this is a their trade secret).
Something was mentioned about the system time changes were saved/logged
somewhere. Is it possible that system time change is logged by the system?
Gus
 
M

Mark V

Hi Dave,
thanks. i saw in a TV reconstruction of a murder investigation
in nz where the husband tampered with the system time to show
that the computer was used during the murder to confuse the
investigator. The computer forensic examiner was able to show
that the system time was changed and reset to the correct time
later(but never said how as this is a their trade secret).
Something was mentioned about the system time changes were
saved/logged somewhere. Is it possible that system time change
is logged by the system? Gus
Click to expand...

That may be logged with aggressive auditing enabled perhaps. Not
certain. Suggest you look at auditing Privilege Use and System
Events as a start. And assuming NT5.x

But in theoretical terms, any account with authority to change the
system time might also be able to clear the audit logs... YMMV.
Since it appears the "husband" had full local access nearly
anything is possible...including forgetting to clear audited
events. <G>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Computer Crashing 8
Is it possible to reset a registry value to its default? 3
What is Windows registry (Registry Keys) 1
Excel Home made rota system- creating a time sheet in relation to demand 0
Most popular version of Windows graph 1
Modifying the registry of windows xp from a remote machine 1
WinXP Registry - Incredimail Removal 4
Registry Corruption ??? 1

Top