Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
4.14 Accessed Before
The “accessed_before” verb states that a file was last accessed before a given
time.
Usage
file(<file_path>).accessed_before(<time>)
file_path
Path to file on target file system
time
Time (in UTC) to compare against the file timestamp
Provided in one of the following formats
- yyyy-mm-ddThh:mm:ss (ISO 9601)
- yyyy-mm-dd
Truth Table
TRUE
file_path was last accessed before time
FALSE
file_path was last accessed after time
INVALID
file_path does not exist, is not a file, or access was denied
112
SECRET//NOFORN