The official or given name of this utility is FTimes, but operationally
it is referred to as ftimes. In the fledgling stages of development,
the name FTimes was short for File Times. This was because its
primary purpose was to collect timestamp information from systems
suspected of having been compromised.
The first version of FTimes was written in the Spring of 1998 to
support a forensic examination of a compromised system. At that
time, FTimes was primarily a workbench tool for the forensic
practitioner. As time passed, its audience expanded to include
system administrators and computer security professionals who needed
tools to monitor the integrity of their systems. Eventually, it
became a core component in Exodus' Content Integrity Monitoring
In the Fall of 2001, Exodus Communications, Inc. approved my request
to make FTimes Open Source.
At that time version two was very stable, but I was in the throes
of creating version three which was a major restructuring of the
code base. Consequently, I decided to wait until the new version
was complete before releasing it to the community.
On January 29, 2002, the first Open Source version of FTimes was
released from SourceForge.
FTimes continues to support the workbench environment, but has
evolved into a tool that can be utilized to support Integrity
Monitoring in large, diverse, and distributed environments. Today,
FTimes more appropriately equates to File Topography and Integrity
Monitoring on an Enterprise Scale.
The original design objectives for FTimes were to build a tool
does one thing extremely well (i.e., collect file attributes),
utilizes a simple, effective, and well understood algorithm that
can be applied equally well to different operating systems,
generates output that is easily assimilated by a wide variety of
has built-in logging that is complete, precise, and useful for
is accurate, efficient, and minimally invasive,
doesn't need to be installed on the target system,
is small enough to run from floppy even if statically compiled,
provides only a command line interface.