Often in post exploitation activities penetration testers are trying to access files in order to read their contents.However this means that immediately the MACE (Modified-Accessed-Created-Entry) attributes of the file are changing and this is an indication for the administrator or the file owners that someone has read or modified the information that is stored on the file.Metasploit framework provides us with a module that we can change these values in case that we don’t want to leave any marks behind.
read more...........http://pentestlab.wordpress.com/2013/01/22/using-timestomp-to-change-the-mace-values-of-a-file/?goback=%2Egmp_38412%2Egde_38412_member_206909463
read more...........http://pentestlab.wordpress.com/2013/01/22/using-timestomp-to-change-the-mace-values-of-a-file/?goback=%2Egmp_38412%2Egde_38412_member_206909463