From 9df658d87dd53d29bfe11daab0653ca3325d5f42 Mon Sep 17 00:00:00 2001 From: Scott Sutherland Date: Tue, 5 Apr 2022 21:39:59 -0500 Subject: [PATCH] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6bb8a99..77cb700 100644 --- a/README.md +++ b/README.md @@ -194,7 +194,7 @@ Primary Todo * pull spns and computer description/spn account descriptions to help identify owner/business unit **Questions** -* under what conditions are Creation time, "LastAccessTime" and "LastWriteTime" set? CreationTime is the time that the file was created on a disk partition; Windows doesn't keep track of the last access times for directories since win7?;last accessed timestamp is static unless the feature is enabled; fsutil behavior set disablelastaccess 0 (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate);Registry - default disabled setting: dword:80000003 +* under what conditions are Creation time, "LastAccessTime" and "LastWriteTime" set? CreationTime is the time that the file was created on a disk partition; Windows doesn't keep track of the last access times for directories since win7?;In general adding, renaming or deleting a file or folder will change both LastAccessTime and LastWriteTime.;last accessed timestamp is static unless the feature is enabled; fsutil behavior set disablelastaccess 0 (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate);Registry - default disabled setting: dword:80000003 * what does share owner mean when system, vs trustedinstaller vs administrators vs network service - what can we infer that would be meaningful * what are some of the most common shares, can we automat profile them and highlight "known" application shars in the data insights? * can we predict file path with enough collect data to analyze?