+5 votes
277 views
How to view file creation date in Linux

in Linux / Unix by (552k points)
reopened | 277 views

1 Answer

+3 votes
Best answer

1. Find the date of creation of a file in Linux
2. Know the root system in Linux

When using UNIX operating systems, as is the case of Linux, each component is cataloged as a file and each “file” and every time we make any changes to that element, all these changes are hosted in an inode and Linux takes care of identifying each file by its respective inode number which is not the human file name with which it was created..

In Linux environments, we have the “stat” (Statistics) command which, as the name implies, is responsible for displaying the status of the file system generating useful information such as:

  • File Creation Date
  • Inode number
  • Last modifications made to the file
  • Last change of state
  • Last access and more relevant information.

In Linux we have parameters such as:

ctime
Display the file change time.
atime
It generates the access time to the file.
mtime
Shows the modification time of the file.
crtime
Shows the creation time of the file.

To keep up, remember to subscribe to our YouTube channel! SUBSCRIBE


1. Find the date of creation of a file in Linux

Step 1

To find details of a file, specifically the date and time it was created, we can use crtime which is responsible for finding the inode of the file using the stat command, for this we will execute the following syntax:
 stat “Archive” 

image

Step 2

To do this we must go to the directory where the file to be analyzed is and as we see the information displayed is complete with details such as:
  • Last date of access and modification
  • Links
  • Size
  • Node number and more.
Step 3

As an alternative we can use the ls command as well. In this case the inode of said file will be displayed. It will be necessary to take into account the inode number associated with that file.
 ls -i “Archive” 

image


2. Know the root system in Linux

Step 1

The next step is to detect the root file system where the scanned file is hosted, for this, we will execute the df -h command in order to identify the root file system like this:
 df -h 

image

Step 2

In this case we can see that the root system is “/ dev / sda1”. Now, with this information, we will use the “debugfs” command to find the creation time of the file by adding the “-R” parameter which tells debugfs to execute a single external command associated with the inode number of the file to use, To do this we will execute the following syntax:
 sudo debugfs -R 'stat <# inodo>' / dev / sda1 

image

Step 3

As a result we can see much more complete details about the selected file with details such as:
  • Inode number
  • Mode
  • Associated User and Group
  • Size
  • Details of ctime, atime, mtime and crtime
  • Checksum and more.

We can use this tool to obtain much more detailed information on each file that needs to be analyzed.


by (3.5m points)
edited

Related questions

+3 votes
1 answer
asked Nov 21, 2019 in Windows Server by backtothefuture (552k points) | 362 views
+5 votes
1 answer
asked Nov 9, 2019 in Windows 10 by backtothefuture (552k points) | 666 views
+4 votes
1 answer
+3 votes
1 answer
asked Nov 9, 2019 in Linux / Unix by backtothefuture (552k points) | 303 views
+5 votes
1 answer
asked Nov 2, 2019 in Linux / Unix by backtothefuture (552k points) | 268 views
Sponsored articles cost $40 per post. You can contact us via Feedback

Most popular questions within the last 30 days

10,659 questions
10,791 answers
510 comments
3 users