LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 03-13-2018, 05:58 PM   #1
cilbuper
Member
 
Registered: Mar 2008
Posts: 122

Rep: Reputation: 0
Need to preserve date stamps (creation, access, etc) when copying files


I have about 1,000 screen shots that I took which I need to preserve for later use, possibly in court. I have not looked at them since I took them as I don't want to alter any of the time stamps on them such as the access stamps so they can't be claimed that they were altered.

I have all the files in one folder on my ubuntu system.

I don't even know what stamps are used with the system and if it is just creation time/date and access time/date or if there are more of them.

What would be the best way to preserve these so that can be considered authentic if it ever needs to be proven. I was thinking of just zipping the entire folder, but IDK if that would change the dates inside the zip file and then change the access date since the command accesses the files to incorporate it into the file.

I'd also like to review the files but I don't want to do this until I have them completely preserved and backed up a couple of times.

What would be the best way of doing this and are there any special tools/software that can do this in an "official" manner, such as if a police copied a USB drive, would they be able to copy the files over to preserve everything?

Would using DD to copy the folder work? I know I can use it for partitions and drives, but am unsure about folders.

If you know anything about this, please let me know what my best options are. Thank you!
 
Old 03-13-2018, 06:48 PM   #2
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 16,726

Rep: Reputation: 2467Reputation: 2467Reputation: 2467Reputation: 2467Reputation: 2467Reputation: 2467Reputation: 2467Reputation: 2467Reputation: 2467Reputation: 2467Reputation: 2467
You will need to dd the entire partition to ensure immutability. dd can do individual files, but that would be messy.

FWIW, on this (non-Ubuntu) system screenshots are png and contain limited exif metadata that exiftool can extract which includes the standard timestamps. If the files are on ext4, they also contain the creation timestamp. Not easily extracted, but can be using debugfs.
Simply copying the files to a USB will update the access time.
 
Old 03-13-2018, 11:20 PM   #3
cilbuper
Member
 
Registered: Mar 2008
Posts: 122

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by syg00 View Post
You will need to dd the entire partition to ensure immutability. dd can do individual files, but that would be messy.

FWIW, on this (non-Ubuntu) system screenshots are png and contain limited exif metadata that exiftool can extract which includes the standard timestamps. If the files are on ext4, they also contain the creation timestamp. Not easily extracted, but can be using debugfs.
Simply copying the files to a USB will update the access time.

Sorry, been out of computing for a while, been forcusing on some other topics. forgot to mention Ext4, which it is. DD'ing would be a task, it is a 4TB drive..

Is there anyway to copy a sector somehow with a different program that will not alter any file data? This may not be super important, but the shots are of a live event online where there is proof of either severely bad programming, a very sly virus or lots of fraud going on. The site is an auction site. If it is a virus, then it has been programmed in the favor of the auction house. I just want to be able to prove that I haven't edited the screen shots and screen capture video and the only way I thought this could work is to copy the files and preserve the data somehow.

If there isn't, I can just buy a new drive and either DD it or just use that in place of the old one until I have the files verified.
 
Old 03-14-2018, 12:05 PM   #4
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.4
Posts: 1,204

Rep: Reputation: 404Reputation: 404Reputation: 404Reputation: 404Reputation: 404
Why wouldn't cp -p work? From man cp:
Code:
-p     same as --preserve=mode,ownership,timestamps

       --preserve[=ATTR_LIST]
              preserve the specified attributes (default: mode,ownership,timestamps), if possible additional attributes: context, links, xattr, all
 
Old 03-15-2018, 06:12 PM   #5
Habitual
LQ 5k Club
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: High Sierra
Posts: 9,054
Blog Entries: 37

Rep: Reputation: Disabled
FYI: You don't "dd a folder"
To preserve the evidence chain,
dd the whole disk. The image can be inspected without losing integrity of the files in it.
 
Old 03-16-2018, 03:17 AM   #6
jlinkels
LQ Guru
 
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,106

Rep: Reputation: 970Reputation: 970Reputation: 970Reputation: 970Reputation: 970Reputation: 970Reputation: 970Reputation: 970
You can also use rsync -av /path/to/source/ /path/to/dest

This will preserve time stamps and everything. But it you want to use this in court I would not use anything else but the original, unmodified and uncopied drive. I am not even sure that that is accepted as evidence.

So yes, you would have to dd the entire drive. And preferably use the copy in you machine.

jlinkels
 
Old 03-16-2018, 06:34 PM   #7
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,203

Rep: Reputation: 705Reputation: 705Reputation: 705Reputation: 705Reputation: 705Reputation: 705Reputation: 705
Not sure screenshots of web pages are real proofs as they can be easily edited (like with inspector in firefox for example)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I preserve "crtime" (creation/birth time) when copying from Windows NTFS to Linux EXT4? ans1 Linux - Newbie 12 03-16-2018 07:13 PM
preserve date time stamp copying files over home lan with samba, dolphin glorsplitz Slackware 1 07-22-2016 05:38 AM
Preserve time stamps of files on a linux based NAS acidrop Linux - Server 2 10-04-2013 05:21 AM
Tar: Preserve file creation/modification date Sum1 Linux - Software 2 05-15-2009 03:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 03:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration