How hard drive files are dated

The hard drive map above illustrates the actual location on a hard drive where a critical letter is saved (i.e., the light blue blocks). The dates of the surrounding files (i.e, the red, orange, green, yellow and purple blocks) tend to confirm the validity of the date recorded for the critical file (see legend).

Note: This diagram is derived from an actual forensic
investigation, actual file names and dates are disguised.

Click here to see "For the Defense" article on Hard Drive Archeaology

Click here to return to Computer Forensics page.