Hi, in some cases you can get an idea from dumpe2fs -h which includes:
Filesystem created: Fri Dec 7 14:19:28 2007 jan On Tue, Dec 25, 2007 at 08:30:48AM +0800, Eduardo Tongson wrote: > Not dismissing it. TCT is useful for forensic, for example a server > compromise. Yes I used it before but took a better deeper look at > mactime this time. I thought it could get the created timestamp for > files. > > I think an accurate way to get the install date is by getting the > creation timestamp of the / partition. It is possible that some > journaling file systems has a record of the creation time in the > journal log. That is if the file system retains old information like > that because as far as I know most of them only record recent updates. > > Ed <blog.eonsec.com> _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
