Live Linux Forensics training coming up @WWHackinFest Deadwood! Let's do some daily Linux Forensics trivia as a lead-up! wildwesthackinfest.com/deadw…
Daily Linux Forensics Trivia #32 - You find entries in an Apache web server log whose timestamps are out of chronological order. Does this mean the log has been tampered with?
Trivia Answer #32 - It is actually not uncommon to find Apache log entries out of chronological order. The log timestamps show the time the web request was received, but the log entries are not written until the web response is completed.

Oct 8, 2022 · 3:01 PM UTC

This means that web requests that take longer than usual to be fulfilled may be logged later than shorter duration requests that were actually received after the slow web request. Shout outs to @DfirNotes and @mboelen on this one!
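The check described in this thread, as an added example that is not part of the original posts: it flags entries whose request time is out of order and tests whether the response duration accounts for it. It assumes a LogFormat with Apache's `%D` (duration in microseconds) appended as the last field; the log lines are constructed sample data.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines: common log format with %D (request duration in
# microseconds) appended as the last field. That LogFormat is an assumption.
SAMPLE_LOG = """\
192.0.2.10 - - [08/Oct/2022:15:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 35000
192.0.2.11 - - [08/Oct/2022:15:00:05 +0000] "GET /style.css HTTP/1.1" 200 900 12000
192.0.2.12 - - [08/Oct/2022:15:00:02 +0000] "GET /report.cgi HTTP/1.1" 200 88211 4200000
192.0.2.13 - - [08/Oct/2022:15:00:07 +0000] "GET /logo.png HTTP/1.1" 200 3100 8000
192.0.2.14 - - [08/Oct/2022:14:58:30 +0000] "GET /admin HTTP/1.1" 200 410 20000
192.0.2.15 - - [08/Oct/2022:15:00:09 +0000] "GET /about.html HTTP/1.1" 200 2048 15000
"""

# Captures the %t timestamp and the trailing %D value.
LINE_RE = re.compile(r'\[([^\]]+)\] "[^"]*" \d{3} \S+ (\d+)$')
# %t is truncated to whole seconds, so allow one second of slack.
SLACK = timedelta(seconds=1)


def classify(log_text):
    """Return (line_number, verdict) for each entry whose request time is
    earlier than a request time already seen above it in the file."""
    findings = []
    max_start = max_done = None
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.search(line)
        if not m:
            continue  # not in the assumed format; skip
        start = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
        # Entries are written at completion: received time plus duration.
        done = start + timedelta(microseconds=int(m.group(2)))
        if max_start is not None and start < max_start:
            # A slow request is "explained" if it finished no earlier than
            # everything logged before it (within the slack).
            verdict = "explained" if done + SLACK >= max_done else "unexplained"
            findings.append((n, verdict))
        max_start = start if max_start is None else max(max_start, start)
        max_done = done if max_done is None else max(max_done, done)
    return findings


if __name__ == "__main__":
    for n, verdict in classify(SAMPLE_LOG):
        print(f"line {n}: out of order by request time, {verdict} by duration")
```

An "unexplained" result only means response duration alone does not account for the ordering; it marks the entry for a closer look and is not a finding by itself.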