What people don't seem to grasp is how well these things can be tampered with by someone who would be considered a top notch programmer in the industry. They know how to falsify time stamps as well as other things giving the appearance of the genuine article by simply changing some of the coding itself not the size of any particular file.
you might also be able to grasp is what these "top" coders and crypto analysts understand...
timestamps can be falsified of course ....
the udf filesystem is well know and that is possible...
but what happens even if you change the stamps is something...
the hashes change too...
idk if you have noticed but in all my comments i have never once mentioned md5..
why?
because with enough computation power (and btw some crays should be enough...
those are beautiful systems you know...
getting to see those i was amazed)
you can create a md5 collision
but that is beside the point...
there is a way using a distrubiting brute force attack on sha-1(2^63 is a very large number...btw...
)
and i believe it would have been reported by other more prominent security websites i trust saying "Sha-1 collision seen in the wild"
and so far nothing...
which means one and only thing
there has to date not one sha-1 collision at all that has been verified...
like i said the sha-1 in conficker.a was never able to be spoofed in time which tells you something...
i just wished they started used sha-2 or md6 (which the lastest conficker variants uses ) as this cannot be broken with all the computing power in world involved...
All anyone that wants it the right way has to do is simply pay a visit to... 
