When using UNIX operating systems, as is the case of Linux, each component is cataloged as a file and each “file†and every time we make any changes to that element, all these changes are hosted in an inode and Linux takes care of identifying each file by its respective inode number which is not the human file name with which it was created..
In Linux environments, we have the “stat†(Statistics) command which, as the name implies, is responsible for displaying the status of the file system generating useful information such as:
- Last modifications made to the file
- Last access and more relevant information.
In Linux we have parameters such as:
ctime
Display the file change time.
atime
It generates the access time to the file.
mtime
Shows the modification time of the file.
crtime
Shows the creation time of the file.
To keep up, remember to subscribe to our YouTube channel! SUBSCRIBE
1. Find the date of creation of a file in Linux
Step 1
To find details of a file, specifically the date and time it was created, we can use crtime which is responsible for finding the inode of the file using the stat command, for this we will execute the following syntax:
stat “Archiveâ€
Step 2
To do this we must go to the directory where the file to be analyzed is and as we see the information displayed is complete with details such as:
- Last date of access and modification
Step 3
As an alternative we can use the ls command as well. In this case the inode of said file will be displayed. It will be necessary to take into account the inode number associated with that file.
ls -i “Archiveâ€
2. Know the root system in Linux
Step 1
The next step is to detect the root file system where the scanned file is hosted, for this, we will execute the df -h command in order to identify the root file system like this:
df -h
Step 2
In this case we can see that the root system is “/ dev / sda1â€. Now, with this information, we will use the “debugfs†command to find the creation time of the file by adding the “-R†parameter which tells debugfs to execute a single external command associated with the inode number of the file to use, To do this we will execute the following syntax:
sudo debugfs -R 'stat <# inodo>' / dev / sda1
Step 3
As a result we can see much more complete details about the selected file with details such as:
- Associated User and Group
- Details of ctime, atime, mtime and crtime
We can use this tool to obtain much more detailed information on each file that needs to be analyzed.