TESTING
Copy your video directory to a new directory, then follow instruction below.
PowerShell Script
PowerShell come with Windows 7, no download needed. (Start->All Programs->Accessories->Windows PowerShell).
Start PowerShell as administrator.
You have to do following for the first time before you can run any script(you only have to do it once)
Set-ExecutionPolicy RemoteSigned
Answer "Y".
Put following 2 scripts in your video directory. Open PowerShell and cd to your video directory. .ps1 is PowerShell script extension.
SaveTime.ps1 (before video conversion)
Save following script as SaveTime.ps1 in your video directory. Run this script in PowerShell before your video conversion.
The script will create OldTime-record.ps1 in the same directory.
The script WILL NOT OVERWRITE OldTime-record.ps1. It will only append to the end if the file already exist.
So no worry if you run it by accident and losing your original time-stamp. Just use notepad to remove the extra lines. I added an example of this situation at the end.
# SaveTime.ps1 - Start
$file = get-item *
write-output "`$file = New-Object string`[`] $($file.count)" >> OldTime-record.ps1
write-output "`$time = New-Object string`[`] $($file.count)" >> OldTime-record.ps1
$time = New-Object string[] $file.count
for ($i = 0; $i -lt $file.count; $i++) {
write-output "`$file`[$i`]=`'$($file[$i].fullname)`'" >> OldTime-record.ps1
write-output "`$time`[$i`]=`'$($file[$i].CreationTimeUTC.tostring('o'))`'" >> OldTime-record.ps1
}
# SaveTime.ps1 - End
OldTime.ps1 (after video conversion)
Save following script as OldTime.ps1 in your video directory. Run this script in PowerShell after video conversion. This script will read OldTime-record.ps1 and change file creation time accordingly.
# OldTime.ps1 - Start
. .\OldTime-record.ps1
for($i = 0; $i -lt $file.count; $i++) {
write-output "$($file[$i])"
write-output "$($time[$i])"
Set-ItemProperty -Path $($file[$i]) -Name CreationTimeUTC -Value $($time[$i])
}
# OldTime.ps1 - End
Oldtime-record.ps1
This file hold file name and creation time records. Following shows what it look like if you open it in notepad.
$file = New-Object string[] 9
$time = New-Object string[] 9
$file[0]='E:\Downloads\test\New Folder'
$time[0]='2012-11-13T03:11:11.4504830Z'
$file[1]='E:\Downloads\test\file1'
$time[1]='2012-11-10T01:12:14.6126918Z'
$file[2]='E:\Downloads\test\file2'
$time[2]='2012-11-10T01:12:14.6646918Z'
$file[3]='E:\Downloads\test\file3'
$time[3]='2012-11-10T01:12:14.7276918Z'
$file[4]='E:\Downloads\test\cover.jpg'
$time[4]='2012-11-10T01:12:14.7886918Z'
$file[5]='E:\Downloads\test\OldTime.ps1'
$time[5]='2012-11-13T05:22:18.2124830Z'
$file[6]='E:\Downloads\test\SaveTime.ps1'
$time[6]='2012-11-13T05:44:22.8514830Z'
$file[7]='E:\Downloads\test\test.ps1'
$time[7]='2012-11-13T03:26:28.7084830Z'
$file[8]='E:\Downloads\test\test.time.ps1'
$time[8]='2012-11-13T05:32:51.8204830Z'
Following is what happen if you run SaveTime.ps1 by accident. It just append the new records at the end. To fix it, just delete all lines starting from the second occurrence of $file = New-Object string[].
$file = New-Object string[] 9
$time = New-Object string[] 9
$file[0]='E:\Downloads\test\New Folder'
$time[0]='2012-11-13T03:11:11.4504830Z'
$file[1]='E:\Downloads\test\file1'
$time[1]='2012-11-10T01:12:14.6126918Z'
$file[2]='E:\Downloads\test\file2'
$time[2]='2012-11-10T01:12:14.6646918Z'
$file[3]='E:\Downloads\test\file3'
$time[3]='2012-11-10T01:12:14.7276918Z'
$file[4]='E:\Downloads\test\cover.jpg'
$time[4]='2012-11-10T01:12:14.7886918Z'
$file[5]='E:\Downloads\test\OldTime.ps1'
$time[5]='2012-11-13T05:22:18.2124830Z'
$file[6]='E:\Downloads\test\SaveTime.ps1'
$time[6]='2012-11-13T05:44:22.8514830Z'
$file[7]='E:\Downloads\test\test.ps1'
$time[7]='2012-11-13T03:26:28.7084830Z'
$file[8]='E:\Downloads\test\test.time.ps1'
$time[8]='2012-11-13T05:32:51.8204830Z'
$file = New-Object string[] 11
$time = New-Object string[] 11
$file[0]='E:\Downloads\test\New Folder'
$time[0]='2012-11-13T03:11:11.4504830Z'
$file[1]='E:\Downloads\test\file1'
$time[1]='2012-11-10T01:12:14.6126918Z'
$file[2]='E:\Downloads\test\file2'
$time[2]='2012-11-10T01:12:14.6646918Z'
$file[3]='E:\Downloads\test\file3'
$time[3]='2012-11-10T01:12:14.7276918Z'
$file[4]='E:\Downloads\test\cover.jpg'
$time[4]='2012-11-10T01:12:14.7886918Z'
$file[5]='E:\Downloads\test\new 3.txt'
$time[5]='2012-11-13T06:47:05.4784830Z'
$file[6]='E:\Downloads\test\OldTime-record.ps1'
$time[6]='2012-11-13T05:50:11.7044830Z'
$file[7]='E:\Downloads\test\OldTime.ps1'
$time[7]='2012-11-13T05:22:18.2124830Z'
$file[8]='E:\Downloads\test\SaveTime.ps1'
$time[8]='2012-11-13T05:44:22.8514830Z'
$file[9]='E:\Downloads\test\test.ps1'
$time[9]='2012-11-13T03:26:28.7084830Z'
$file[10]='E:\Downloads\test\test.time.ps1'
$time[10]='2012-11-13T05:32:51.8204830Z'
Windows Vista / 7 and later
Windows Server 2003 and later
With a little effort you can use forfiles to get the last modified time of a specific file, seconds included:
REM "delims=" is required to avoid stripping AM/PM
for /f "delims=" %%i in ('"forfiles /m filename /c "cmd /c echo @ftime" "') do set modif_time=%%i
echo %modif_time%
Example output
7:33:54 AM
The value displayed is based on the local time of the computer and matches the time shown in the file properties dialog.
Usage help
http://technet.microsoft.com/en-us/library/cc753551.aspx
Windows XP
forfiles.exe is not available out of the box, however you can manually get the required executable. It's an old version which is part of the Windows 2000 Resource Kit. The syntax is case-sensitive and slightly different, and so is the output:
for /f %%i in ('"forfiles.exe -mfilename -c"cmd /c echo @FTIME" "') do set modif_time=%%i
echo %modif_time%
Example output
153354
Here the time value is displayed in the UTC format and is not affected by changes in time zone or daylight saving time. In this example the file was last modified at 15:33:54 (UTC).
Note You can obtain the newer forfiles.exe version by grabbing a copy of the file from any Windows 2003 Server installation or setup media.
Best Answer
File metadata (e.g. creation date, last modified, etc) is generally a matter of the file system, and can thus be modified using various software tools. In fact, some filesystems don't even track creation date (e.g. ext3 on linux tracks ctime, which is actually an inode change time). The metadata that is tracked will also vary from filesystem to filesystem - some filesystems will allow tracking of last access time, last modified, etc.
The ease of changing this "creation time" (or last modified, last accessed, etc) may vary from file system to file system, but in general, these timestamps are not 100% reliable.
I would imagine in a courtroom environment, one party would try to suggest the last modified times are good due to the user being of a certain ability, other file times matching, etc, while the opposing party would try an point out that file times can be faked. It's unclear to me which side would succeed in convincing a judge or jury as to what likely happened, unless a "smoking gun" of sorts is found that shows inconsistencies with the timestamps (e.g. two files created on the same date have wildly varying dates, or copies of the file were emailed before the supposed creation date, etc).
I'm not aware of any hardware methodologies to track modifications.