Foster and Vincent Lui (at the time of this writing, I could not locate a reliable site from which to download a copy of “timestomp.exe”), reportedly has a 32-bit granularity with respect to its ability to modify file times (as opposed to the 64-bit granularity used in the common Windows FILETIME structure), and it modifies only the time stamps found in the $STANDARD_INFORMATION attribute within the MFT. “Timestomp.exe” (a description of the tool can be found at ), developed by James C. The results of this investigation showed that the paper did not indicate any plagiarism from Internet sources or other documents on the computer. Using key phrases and terms from inside the paper to perform a search of the student’s hard drive, it could be shown that no other references were on the computer hard drive that could have been copied and pasted into the paper. This indicates that the student did actually compose the paper on the computer on which it was found. The document metadata revealed that the paper was written over a period of several days, included 33 separate editing sessions and a total writing time of over 800 minutes. The professor claimed that the student must have plagiarized the paper from sources on the Internet. The student was accused of cheating, and subsequently kicked out of school.
The professor, upon reading the paper, did not believe that the student was smart enough to have written it. The case involved a student who submitted a paper from one of his classes at a university. In fact, it is from a rather simple case, but it does highlight the usefulness of document metadata in an exemplary way. What she claimed to have happened would have been physically impossible to have occurred in a timeframe of four minutes and forty-six seconds.Ī good example of document metadata as evidence is not from the biggest or most complicated case. This information was critical in refuting the charges, as the picture metadata painted an entirely different picture than the girl’s story. By examining the metadata of the first and last picture, the entire time period of the picture-taking session could be shown, and by looking at all metadata for all the pictures, it was revealed that no two pictures were taken more than 30 seconds apart. A review of the metadata in the pictures showed that the entire picture-taking session lasted a total of four minutes and forty-six seconds. In the girl’s recount of the events, the molestation was said to have happened over a 30-minute period, where the accused was supposedly taking pictures of her, and in between taking the pictures was molesting her. While this girl and her family were visiting his home, she asked the accused to take pictures of her for her MySpace page. There was a case where a man was accused of molesting a girl while taking pictures of her using a camera.
Case examples: Metadata as evidence Metadata and Timelines
0 kommentar(er)
