I thought I’d share a little tip I found recently. I was searching for a way to find files created between 2 dates on a Linux box. There’s a lot of reasons you might want to do this. Maybe you need to archive some files, maybe you’ve been breached and need to check what files have been modified. Whatever the reason, these are the commands to run that will do the job for you.
- touch -m -t 200901010000 /tmp/startdate
- touch -m -t 200801012359 /tmp/enddate
- find . -newer /tmp/startdate ! -newer /tmp/enddate
The touch commands will create 2 reference files with the timestamp 01.01.2009 00:00 and 01.01.2009 23:59. Using these reference files you can then run the find command to find everything newer than the first file, but NOT newer than the second file. Remember to delete the files from /tmp when you’re done 
- rm /tmp/startdate /tmp/enddate
I’ll try and write-up a script for the PenTester Scripting project when I get some time.
