wavedeck/timestamp-evidence-go

UNIX File Timestamp Evidence Generator

Author: David Fally (wavedeck)

This tool creates a tamper-resistant, recursive index of files and their Unix timestamps.

How it works

Given an absolute path to a directory, this tool recursively scans for all files and records the Unix timestamps (ctime, mtime) of each file in a SQLite3 database.

To show that the database has not been tampered with, a SHA-256 hash of the Unix timestamps and the file size in bytes is also generated.

If a malicious party had any means to change a logged timestamp or alter the contents of a file in any way, the hash of the file would no longer match.

How the file hash is created

The checksum hash of a logged file is created by taking the ctime, mtime and filesize of the logged file and merging those values together into a string, separated by underscores (_) and then hashing it.

The timestamps are written as the number of seconds since the Unix epoch. See this Wikipedia article on Unix time.

The filesize is the number of bytes of the raw file contents. It can be obtained using commands like stat -f%z file.txt on BSD derivatives (e.g. macOS) or stat --printf="%s" file.txt on GNU/Linux systems.

Put together, the string before any hashing takes place could look like this:

1739471435_1739471450_2421 (ctime_mtime_filesize)

This string is then hashed using SHA-256, resulting in this hash:

f5947a4cf205c44a241cc2086f5c6cace9327162b89f046a33191c36cd460f85
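The checksum construction described above, together with an audit pass that recomputes it for each logged row, as an added example (not the project's own code). The Record struct, its field names and the sample paths are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Record mirrors one logged file: timestamps in Unix seconds, size in bytes and
// the stored checksum. Field names are assumptions, not the project's schema.
type Record struct {
	Path         string
	Ctime, Mtime int64
	Size         int64
	Hash         string
}

// Preimage builds the ctime_mtime_filesize string described in the README.
func Preimage(ctime, mtime, size int64) string {
	return fmt.Sprintf("%d_%d_%d", ctime, mtime, size)
}

// Checksum returns the lowercase hex SHA-256 digest of the preimage.
func Checksum(ctime, mtime, size int64) string {
	sum := sha256.Sum256([]byte(Preimage(ctime, mtime, size)))
	return hex.EncodeToString(sum[:])
}

// Audit recomputes every checksum and returns the paths whose stored hash
// no longer matches the stored timestamps and size.
func Audit(records []Record) []string {
	var mismatched []string
	for _, r := range records {
		if Checksum(r.Ctime, r.Mtime, r.Size) != r.Hash {
			mismatched = append(mismatched, r.Path)
		}
	}
	return mismatched
}

func main() {
	// Constructed sample rows; the first uses the README's example values.
	rows := []Record{
		{"/data/a.txt", 1739471435, 1739471450, 2421, Checksum(1739471435, 1739471450, 2421)},
		{"/data/b.txt", 1739471500, 1739471500, 10, Checksum(1739471500, 1739471500, 10)},
	}
	rows[1].Mtime = 1700000000 // simulate an edited mtime column; stored hash left as-is
	fmt.Println(Preimage(rows[0].Ctime, rows[0].Mtime, rows[0].Size), rows[0].Hash)
	fmt.Println("mismatched:", Audit(rows))
}
```

The digest is an unkeyed SHA-256 over values kept next to it, so the audit only flags a changed field when the stored hash was not recomputed too; keeping a copy of the hashes outside the database closes that gap.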

Legal Compliance and Liability

This software is provided as is, free of charge and free to use, distribute or modify, as long as the actions taken are compliant with the AGPL (https://www.gnu.org/licenses/agpl-3.0.html).

As this is open source software, licensed under the AGPL, the authors and maintainers are not liable for any damages caused directly or indirectly by using this software, and do not provide any guarantee that any output this software produces will be accepted as evidence in court. Proceed at your own risk.

Also keep in mind that file timestamps are simply additional attributes on a file and could have been tampered with before this tool was used to generate the timestamp index database. So take this information with a grain of salt.

This tool does not replace properly implemented immutable audit logs (preferably implemented and monitored by a trustworthy third party), but it can help in scenarios where these security and compliance measures don't exist.
