As you probably know, working with any file in a word processor, spreadsheet, presentation, among others, “access time” and “modification time” markers will appear, indicating that the file has just been created, modified, or edited in one of its components.
What you probably don’t know is that it is possible to use a simple method so that some changes made to a document are not recorded. In this tutorial, cybersecurity experts from the International Cyber Security Institute (IICS) will show you how to edit a file without changing its timestamps on Linux systems.
The timestamp of the file can be updated using the touch command.
Timestamps are also updated when we manually add content or delete data from the file. If you want to change the contents of files without changing their timestamps, there is no direct way to do so, although it is possible.
We can use the -r (link) option of this command to preserve the timestamps of the file after editing or modifying it. The -r parameter is used to set the timestamps of one file with the timestamps of another.
We’ll use a text file called itsecforu.txt.
Let’s take a look at the timestamps in this file using the stat command:
$ stat itsecforu.txt
File: itsecforu.txt
Size: 38 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 4351679 Links: 1
Access: (0775/-rwxrwxr-x) Uid: ( 1000/ sk) Gid: ( 1000/ sk)
Access: 2020-11-12 19:47:55.992788870 +0530
Modify: 2020-11-12 19:47:55.992788870 +0530
Change: 2020-11-12 19:47:55.992788870 +0530
Birth: -
As cybersecurity specialists mentioned, if we change the content or metadata of this file, timestamps will also change.
$ touch -r itsecforu.txt itsecforu.timestamp
Let’s review the timestamps in the new file:
$ stat itsecforu.timestamp
File: itsecforu.timestamp
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: 801h/2049d Inode: 4328645 Links: 1
Access: (0664/-rw-rw-r--) Uid: ( 1000/ sk) Gid: ( 1000/ sk)
Access: 2020-11-12 19:47:55.992788870 +0530
Modify: 2020-11-12 19:47:55.992788870 +0530
Change: 2020-11-12 19:48:48.934235300 +0530
Birth: -
Can you see it? The timestamps of both files are the same.
Now make the changes to the main file, that is, itsecforu.txt.
As you may have guessed, the timestamps in the main file will change.
Finally, copy the timestamps from the new file, for example itsecforu.timestamp, to the main file:
$ touch -r itsecforu.timestamp itsecforu.txt
The main file now has old timestamps before being edited or modified.
In short
Create a new file with the same timestamps as the main file using the touch command, make the changes to the main file, and set the timestamps of the new file to the main file with the -r option.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.