The National Institute of Standards and Technology [1] lists the importance of preservation of file time stamps for forensic and intrusion detection purposes. Most operating systems keep track of certain timestamps related to files, the most commonly used timestamps being modification, access, and creation (M-A-C) times, which does not guarantee to be accurate from a forensic perspective. Moreover, UNIX based Operating systems retain the last modification, last inode change, and last access times. This relates to the fact that operating systems only have the most recently updated file timestamp information, which along with any inaccuracies does not guarantee a successful...