[OpenAFS] Accuracy of timestamps in AFS files.
Finke, Jon E
finkej@rpi.edu
Sat, 19 Apr 2008 11:31:39 -0400
This is a multi-part message in MIME format.
------_=_NextPart_001_01C8A232.7755D7F5
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
I will be giving a deposition involving some intellectual property
issues in the near future, and some of my work is being considered as
prior art. One of the ways we are determining "when" I wrote things
will be based on the last changed dates of the files. Our AFS cell
dates back to the early 90s (which is when I got my AFS admin
certification.)
=20
The question may arise, is how easy is it to "fake" these file system
time stamps - do they come from the AFS client or from the AFS file
servers? Off hand I could see setting the date way back on a Unix host
(not an AFS client), writing out some files, making a tarfile of the
result, and then untarring it on an AFS client would produce
appropriately "faked" timestamps. Are there other indicators (volume
time stamps, etc) that would detect that forgery attempt?
=20
Although I am an AFS admin, I am not the primary administrator of our
cell, that role has been handled by others.
=20
I am quite confident that we do not have viable backups of the cell
going back 10 years (even if we have the media, we may not have a drive
to read it). There are secondary indicators of dates (papers published,
newsletter articles, etc) that would indicate that we were indeed
working on the projects demonstrated by the file system timestamps.
=20
This being my first in depth exposure to the federal courts, I am
uncertain of the evidentiary value of computer files - I have files on
my laptop with dates in the 90s, yet the laptop was manufactured in
2007....
=20
Jon Finke - Senior Systems Programmer
Communications and Middleware Technology - Rensselaer Polytechnic
Institute
VCC 319 / 110 8th Street / Troy, NY 12180-3590
518 276 8185 (voice) - 518 276 2809 (fax) - http://www.rpi.edu/~finkej
<http://www.rpi.edu/~finkej>=20
=20
------_=_NextPart_001_01C8A232.7755D7F5
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" =
xmlns:p=3D"urn:schemas-microsoft-com:office:powerpoint" =
xmlns:a=3D"urn:schemas-microsoft-com:office:access" =
xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" =
xmlns:s=3D"uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" =
xmlns:rs=3D"urn:schemas-microsoft-com:rowset" xmlns:z=3D"#RowsetSchema" =
xmlns:b=3D"urn:schemas-microsoft-com:office:publisher" =
xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadsheet" =
xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" =
xmlns:oa=3D"urn:schemas-microsoft-com:office:activation" =
xmlns:html=3D"http://www.w3.org/TR/REC-html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" xmlns:D=3D"DAV:" =
xmlns:x2=3D"http://schemas.microsoft.com/office/excel/2003/xml" =
xmlns:ois=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" =
xmlns:dir=3D"http://schemas.microsoft.com/sharepoint/soap/directory/" =
xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#" =
xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint/dsp" =
xmlns:udc=3D"http://schemas.microsoft.com/data/udc" =
xmlns:xsd=3D"http://www.w3.org/2001/XMLSchema" =
xmlns:sub=3D"http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/"=
xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#" =
xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" =
xmlns:sps=3D"http://schemas.microsoft.com/sharepoint/soap/" =
xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance" =
xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile" =
xmlns:wf=3D"http://schemas.microsoft.com/sharepoint/soap/workflow/" =
xmlns:mver=3D"http://schemas.openxmlformats.org/markup-compatibility/2006=
" xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns:mrels=3D"http://schemas.openxmlformats.org/package/2006/relationshi=
ps" =
xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/2006/types"=
=
xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/2006/messag=
es" xmlns:Z=3D"urn:schemas-microsoft-com:" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal>I will be giving a deposition involving some =
intellectual
property issues in the near future, and some of my work is being =
considered as
prior art. One of the ways we are determining “when” I =
wrote
things will be based on the last changed dates of the files. =
Our
AFS cell dates back to the early 90s (which is when I got my AFS admin
certification.)<o:p></o:p></p>
<p class=3DMsoNormal><o:p> </o:p></p>
<p class=3DMsoNormal>The question may arise, is how easy is it to =
“fake”
these file system time stamps – do they come from the AFS client =
or from
the AFS file servers? Off hand I could see setting the date way =
back on a
Unix host (not an AFS client), writing out some files, making a tarfile =
of the
result, and then untarring it on an AFS client would produce =
appropriately “faked”
timestamps. Are there other indicators (volume time stamps, =
etc)
that would detect that forgery attempt?<o:p></o:p></p>
<p class=3DMsoNormal><o:p> </o:p></p>
<p class=3DMsoNormal>Although I am an AFS admin, I am not the primary
administrator of our cell, that role has been handled by =
others.<o:p></o:p></p>
<p class=3DMsoNormal><o:p> </o:p></p>
<p class=3DMsoNormal>I am quite confident that we do not have viable =
backups of
the cell going back 10 years (even if we have the media, we may not have =
a
drive to read it). There are secondary indicators of dates (papers
published, newsletter articles, etc) that would indicate that we were =
indeed
working on the projects demonstrated by the file system =
timestamps.<o:p></o:p></p>
<p class=3DMsoNormal><o:p> </o:p></p>
<p class=3DMsoNormal>This being my first in depth exposure to the =
federal courts,
I am uncertain of the evidentiary value of computer files – I have =
files
on my laptop with dates in the 90s, yet the laptop was manufactured in =
2007….<o:p></o:p></p>
<p class=3DMsoNormal><o:p> </o:p></p>
<p class=3DMsoNormal><span style=3D'font-size:10.0pt;font-family:"Times =
New Roman","serif"'>Jon
Finke - Senior Systems Programmer<br>
Communications and Middleware Technology - Rensselaer Polytechnic =
Institute<br>
VCC 319 / 110 8th Street / Troy, NY 12180-3590<br>
518 276 8185 (voice) - 518 276 2809 (fax) - <a =
href=3D"http://www.rpi.edu/~finkej"><span
style=3D'color:blue'>http://www.rpi.edu/~finkej</span></a><br>
</span><span style=3D'font-size:12.0pt;font-family:"Times New =
Roman","serif"'>
</span><o:p></o:p></p>
</div>
</body>
</html>
------_=_NextPart_001_01C8A232.7755D7F5--