RE: Questions about PC clock operations
- From: "Scott Ramsdell" <Scott.Ramsdell@xxxxxxxxxxx>
- Date: Tue, 29 Aug 2006 13:25:25 -0400
Ricci,
In a corporate environment you would typically deploy a network time
protocol server (NTP). The NTP server either points to an external
reference NTP server, or to its own BIOS clock if corporate policy
prevents synching to an external time source.
Then, all *nix computers and all appliances, firewalls, IDS, routers,
etc. are pointed to the NTP server. You would also specify the NTP
server as the time source in the appropriate reg key on your Windows
domain controllers. Typically, the DC running the FSMO role for PDC
Emulator is also the NTP server.
When a Windows client logs in, it checks it's time against the DC, and
adjusts accordingly. You can find the exact way a Windows client
adjusts itself on the Microsoft site, I know it's there somewhere as I
had to do this years ago. The formula depends on how far out of
agreement the client is.
It is very important that all of your devices agree what time something
occurred on your network, and the NTP server is the way you do that.
Best Regards,
Scott Ramsdell
-----Original Message-----
From: ricci@xxxxxxxxxx [mailto:ricci@xxxxxxxxxx]
Sent: Monday, August 28, 2006 5:05 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Questions about PC clock operations
Hello All,
As you know time is a piece of information critical to digital forensics
investigation. However, as the paper in DFRWS 2006 pointed out, the PC
clock is not steady but drifting.
So can any one let me know how the PC clock operates? Is there any
difference between the time between Linux clock and Windows? Will the
operating system be affecting the clock?
Please advise.
Thx.
Ricci
------------------------------------------------------------------------
---
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence
in Information Security. Our program offers unparalleled Infosec
management
education and the case study affords you unmatched consulting
experience.
Using interactive e-Learning technology, you can earn this esteemed
degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- Follow-Ups:
- Re: Questions about PC clock operations
- From: Jim Mellander
- Re: Questions about PC clock operations
- Prev by Date: RE: Questions about PC clock operations
- Next by Date: Re: Procedure for staff leaving
- Previous by thread: Re: Questions about PC clock operations
- Next by thread: Re: Questions about PC clock operations
- Index(es):
Relevant Pages
|
|
