How Unix Timestamps Work
Unix stores two times for every file: the last modification time and the last access time.
`ls -lT` displays the last modification time of files.
bash-2.05a$ ls -lT timestamp.shtml
-rw-r--r-- 1 will staff 885 Mar 5 01:50:53 2004 timestamp.shtml
`ls -lTu` displays the last access time of files.
bash-2.05a$ ls -lTu timestamp.shtml
-rw-r--r-- 1 will staff 885 Mar 5 01:51:57 2004 timestamp.shtml
To edit these times, you will need a program like SaintStat or fix.c. These programs are normally packaged with rootkits.
You can write your own utility to modify timestamps fairly easily using the utime function of C or Perl.
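The purpose of editing timestamps is usually to modify files without making them look as if they have been modified. This technique won’t fool a message digest algorithm like MD5: a digest of the file's contents taken after the change no longer matches one recorded before it, whatever the timestamps say.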
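The digest point above, as an added example that is not part of the original page: a baseline check in Python that compares a content digest (SHA-256 here, in place of the MD5 the page names) alongside the modification time, and flags a file whose contents changed while its mtime still matches the baseline. The file contents, the fixed timestamp and the function names are constructed for the illustration.

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Record size, mtime and SHA-256 of a file for a baseline."""
    st = os.stat(path)  # stat first: reading the file below may update its access time
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}

def classify(baseline, current):
    """Compare a current snapshot against the stored baseline."""
    content_changed = baseline["sha256"] != current["sha256"]
    mtime_changed = baseline["mtime_ns"] != current["mtime_ns"]
    if content_changed and not mtime_changed:
        return "ALERT: content changed but mtime matches baseline"
    if content_changed:
        return "modified"
    if mtime_changed:
        return "touched (same content, new mtime)"
    return "unchanged"

def demo():
    """Constructed scenario: one file, checked after three events."""
    fixed = 1078451453 * 10**9  # constructed timestamp, whole seconds
    verdicts = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "timestamp.shtml")
        with open(path, "wb") as f:
            f.write(b"original page\n")
        os.utime(path, ns=(fixed, fixed))
        baseline = snapshot(path)
        verdicts.append(classify(baseline, snapshot(path)))  # nothing happened

        with open(path, "wb") as f:  # ordinary edit, same size as before
            f.write(b"modified page\n")
        verdicts.append(classify(baseline, snapshot(path)))

        os.utime(path, ns=(fixed, fixed))  # times set back to the baseline
        verdicts.append(classify(baseline, snapshot(path)))
    return verdicts

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The access time is left out of the comparison because hashing a file reads it, which can itself update that time.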