Incorrect time on a Windows device or server can prevent security updates or user authentication, and it can interfere with a forensics investigation.
The recent U.S. daylight saving time change reminded me of a key element in security and computing: time. Setting computers to the proper time is key to authentication and to keeping systems updated and secure. When you are dealing with forensics, you need to know the exact time to which each device is set to correlate events in a timeline.
In the native operating of Windows, it’s important to have a system synchronize your device’s time with either a domain controller set to the proper time or to an external time source. Computers use time to determine if SSL certificates are valid and can be trusted and to check with the Windows update servers to determine if the digital signature of the patch is valid.
If you’ve ever turned a computer on and the CMOS battery no longer keeps it in proper time, you know the machine won’t get online, react to websites or install updates. Once you reset the time, the machine suddenly works properly. You will not be able to log into domain-joined machines that rely on Kerberos authentication that are out of sync by more than five minutes. Keeping time accurate is also mandated for credit card (PCI) transactions, as well as other financial transactions