So when I was at shmoocon, I was talking with some people about my thesis: Role Based File Archiving. The main problem I ran into with my research was that I couldn't find a good way to -- when archiving files -- to provide integrity or non-repudiation to the MAC timestamps (Modified, last Accessed, Created).
The above being said, my programmatic work around was to read the time stamps before copy, but then rewrite them after copy. The problem is that I don't want to have to do this, and this opens up a potential "weak link" in an archiving system especially in court if I can prove you can change the MAC stamps when archiving.
My question is: Does anyone know of a programatic way to archive files and folders in NTFS and ext3/4 that will truly archive the file (provide transparent archiving, for legal purposes... or just to know that it hasn't/can't be modified without an audit trail) for non-repudiation purposed and/or integrity purposes?