Timestamps

Some reminders about Windows file times

This information is covered in introductory courses on Windows/NTFS forensics, but I often lose track of the original source for technical information that I can cite in expert reports and other deliverables. Also, I’m not a fan of citing proprietary training materials that can’t be easily found on the web, purchased from Amazon, or found in a public library. This post is a quick summary of a few articles from Microsoft with links to the original articles.