computer-forensics

Apple Mac and Unix timestamps

阅读更多关于 Apple Mac and Unix timestamps

问题 I know that the primary timestamp on Apple systems is the CF Absolute Time value (also called Mac Absolute Time), which is a 32-bit integer calculated by the number of seconds since 01/01/2001 00:00:00 UTC. For example, 219216022 when decoded is Thu, 13 December 2007 05:20:22 UTC. Are there any other timestamps used on Mac/Unix systems (other than the default Unix timestamp which is a 32-bit integer calculated in seconds since 01/01/1970 00:00:00 UTC)? 回答1: The NSDate object has

Find Programming Language Used

阅读更多关于 Find Programming Language Used

Whats the easiest way to find out what programming language an application was written in? I would like to know if its vb or c++ or delphi or .net etc from the program exe file. John T Try PEiD of course if they used a packer, some unpacking will need to be done first :) Start it up and check what run-time DLLs it uses with Process Explorer. If that doesn't make it immediately obvious, search the web for references to those DLLs. Most disassemblers (including Olly I think) can easily show you the text contained in an EXE or DLL, and that can also sometimes give a clue. Delphi types are often

订阅 computer-forensics