public override void SetDates(string path, DateTime?creationDT, DateTime?lastWriteDT, DateTime?lastAccessDT)
{
// The dates and FileAttributes stored in $Standard_Information are accessible to user-level processes,
// while the ones in $File_Name are maintained internally and not updated often.
// http://cyberforensicator.com/2018/03/25/windows-10-time-rules/
FileRecord fileRecord = m_volume.GetFileRecord(path);
if (creationDT.HasValue)
{
fileRecord.StandardInformation.CreationTime = creationDT.Value;
}
if (lastWriteDT.HasValue)
{
fileRecord.StandardInformation.ModificationTime = lastWriteDT.Value;
}
if (lastAccessDT.HasValue)
{
fileRecord.StandardInformation.LastAccessTime = lastAccessDT.Value;
}
fileRecord.StandardInformation.MftModificationTime = DateTime.Now;
List <FileNameRecord> fileNameRecords = fileRecord.FileNameRecords;
foreach (FileNameRecord fileNameRecord in fileNameRecords)
{
if (creationDT.HasValue)
{
fileNameRecord.CreationTime = creationDT.Value;
}
if (lastWriteDT.HasValue)
{
fileNameRecord.ModificationTime = lastWriteDT.Value;
}
if (lastAccessDT.HasValue)
{
fileNameRecord.LastAccessTime = lastAccessDT.Value;
}
fileNameRecord.MftModificationTime = DateTime.Now;
}
m_volume.UpdateFileRecord(fileRecord);
if (!fileRecord.IsDirectory)
{
// Windows NTFS v5.1 driver does not usually update the value of the FileSize field belonging
// to the FileNameRecords that are stored in the FileRecord, it is likely to be 0.
foreach (FileNameRecord fileNameRecord in fileNameRecords)
{
fileNameRecord.FileSize = fileRecord.DataRecord.DataLength;
}
}
m_volume.UpdateDirectoryIndex(fileRecord.ParentDirectoryReference, fileNameRecords);
}
private void UpdateDirectoryIndex()
{
List <FileNameRecord> fileNameRecords = m_fileRecord.FileNameRecords;
foreach (FileNameRecord fileNameRecord in fileNameRecords)
{
fileNameRecord.AllocatedLength = m_data.AllocatedLength;
fileNameRecord.FileSize = m_data.Length;
}
m_volume.UpdateDirectoryIndex(m_fileRecord.ParentDirectoryReference, fileNameRecords);
}
