(Using Timestomp To Change The MACE Values Of A File)
Once a system is compromised and its files are accessed, the MACE (Modified-Accessed-Created-Entry) attributes of those files change, which indicates that a file was actually read or modified. These changes give the security or forensic professional a key to identifying and detecting a possible attack. However, the Metasploit framework provides a module that can change these values when the goal is to leave no marks behind.
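A defender's view of the same attributes, as an added example that is not part of the original page: NTFS keeps a second copy of the four timestamps in the $FILE_NAME attribute, which ordinary file-time APIs do not rewrite, so comparing it with $STANDARD_INFORMATION exposes altered values. The record layout, field names and sample data are assumptions constructed for illustration.

```python
from datetime import datetime

# Assumed input shape (hypothetical): one dict per MFT record, already parsed
# by a forensic tool, holding the NTFS $STANDARD_INFORMATION ("si") and
# $FILE_NAME ("fn") timestamp sets. Ordinary file-time APIs rewrite only SI,
# so FN serves as the reference copy.
MACE = ("modified", "accessed", "created", "entry_modified")


def timestomp_indicators(record, now):
    """Return the names of timestamp anomalies found in one record."""
    si, fn = record["si"], record["fn"]
    hits = []
    # Both sets start equal at creation; SI older than FN suggests a rewrite.
    if si["created"] < fn["created"]:
        hits.append("si_created_before_fn_created")
    # NTFS stores 100 ns ticks; four values all on a whole second are unusual.
    if all(si[k].microsecond == 0 for k in MACE):
        hits.append("si_whole_seconds_only")
    # Values later than the acquisition time were set, not observed.
    if any(si[k] > now for k in MACE):
        hits.append("si_in_future")
    return hits


def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f")


def same(text):
    """Build a timestamp set whose four MACE values are all `text`."""
    return {k: ts(text) for k in MACE}


# Constructed sample records, not taken from a real system.
ACQUIRED = ts("2024-03-10 12:00:00.000000")
CLEAN = {"name": "report.doc",
         "si": same("2024-03-01 09:15:42.731904"),
         "fn": same("2024-03-01 09:15:42.731904")}
ALTERED = {"name": "notes.doc",
           "si": same("2019-06-01 08:00:00.000000"),
           "fn": same("2024-03-09 22:41:17.118233")}

if __name__ == "__main__":
    for rec in (CLEAN, ALTERED):
        print(rec["name"], timestomp_indicators(rec, ACQUIRED) or "no indicators")
```

Archive extraction and installers also set file times, so a hit is a lead to triage rather than proof of tampering.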
Let’s say that we have already obtained a meterpreter session and we have a .doc file with the following attributes:
The GUI version of this tool can also be downloaded from the following link: