Cross-platform scripts to edit files without leaving timestamp traces.
These scripts help you edit files while maintaining their original "Modified" date in file managers (Windows Explorer, Finder on macOS, file browsers on Linux). This is useful when you need to preserve the appearance of when a file was last modified, even after editing it.
These scripts were developed for red teaming and security testing purposes. They enable security professionals to:
- Create Authentic Bait Files: Generate files that appear to have been created or modified at specific historical dates, making them more convincing for honeypots and deception operations
- Maintain Operational Security: Edit files during red team exercises without leaving obvious traces of recent modification timestamps
- Test Security Controls: Evaluate how security tools and analysts respond to files with manipulated timestamps
- Simulate Historical Artifacts: Create files that blend into existing file systems by matching modification dates of surrounding files
Ethical Use: These scripts are intended for authorized security testing, red team exercises, and legitimate security research only. Unauthorized use to deceive or harm is strictly prohibited.
Choose the appropriate folder based on your operating system:
🪟 Windows/ - For Windows Systems
- Scripts: PowerShell scripts (.ps1)
- Documentation: Windows/README.md
- Requirements: PowerShell 5.1 or later
🐧 Linux/ - For Linux Systems
- Scripts: Universal scripts that auto-detect Linux
- Documentation: Linux/README.md
🍎 MacOS/ - For macOS Systems
- Scripts: macOS-optimized versions
- Documentation: MacOS/README.md
- Capture the original file modification time before editing
- Allow normal editing in any application (Excel, text editors, etc.)
- Restore the original filesystem timestamp after saving
- Preserve file content changes while maintaining timestamp appearance
The scripts work with any file type:
- Office documents (
.docx,.xlsx,.pptx, etc.) - Text files (
.txt,.md,.json, etc.) - Images, videos, PDFs
- Any file you can edit with applications
cd Windows
.\capture_timestamp.ps1 yourfile.ext
# Edit file normally, then:
.\restore_timestamp.ps1 yourfile.extcd Linux
chmod +x *.sh
./capture_timestamp.sh yourfile.ext
# Edit file normally, then:
./restore_timestamp.sh yourfile.extcd MacOS
chmod +x *.sh
./capture_timestamp.sh yourfile.ext
# Edit file normally, then:
./restore_timestamp.sh yourfile.extScenario: Create a convincing bait document that appears to have been modified months ago.
# Step 1: Use a reference file from the target environment (if available)
.\restore_timestamp.ps1 bait_document.docx C:\path\to\reference_file.docx
# OR: Capture timestamp from an existing file in the target directory
.\capture_timestamp.ps1 C:\path\to\existing_file.docx
# Edit your bait file...
.\restore_timestamp.ps1 bait_document.docx C:\path\to\existing_file.docx
# OR: Use automated monitoring while editing
.\preserve_metadata.ps1 bait_document.docx
# File opens automatically, edit and save - timestamp restored automatically# Step 1: Use a reference file from the target environment (if available)
./restore_timestamp.sh bait_document.docx /path/to/reference_file.docx
# OR: Capture timestamp from an existing file in the target directory
./capture_timestamp.sh /path/to/existing_file.docx
# Edit your bait file...
./restore_timestamp.sh bait_document.docx /path/to/existing_file.docx
# OR: Use automated monitoring while editing
./preserve_metadata.sh bait_document.docx
# File opens automatically, edit and save - timestamp restored automaticallyResult: The bait file will appear in file listings with the reference timestamp, making it blend in with existing files.
- Document Management: Preserve modification dates in archives
- Version Control: Keep original timestamps when updating files
- Compliance: Maintain audit trails with consistent dates
- Organization: Preserve chronological file organization
- Forensics Testing: Test forensic tools' ability to detect timestamp manipulation
These scripts are provided as-is for educational and practical use.