hi
first of all, im sorry for the (probably) noob question and for my english
as far as I know, tails is supposed not to write any information on a computer's hard disks except what you explicitly ask it to write,
but recently I noticed that, when I mount a truecrypt file hosted container and modify a document in it and dismount it, the container's "last modified" date changes, why? isnt tails supposed to write ONLY what I explicitly write, which would mean leaving the last modified date untouched (as if the container file hadnt been modified)?
and besides that, what else can be leaked when I work with a tc file hosted container that is in the computers hard disk?
thanks
when you write to a file in a Truecrypt container Truecrypt writes to that container, and whenever an app writes to any file the filesystem itself will mark that files as modified, that just how filesystems work.
Tails only writes to files that you explicitly want it to write to on the harddrive but that doesn't mean that it will prevent the filesystem from doing its thing when you work on the file, certain basic functions like the modified date being changed when you modify something is simply something outside of Tails' control. They could theoretically stop writing proper metadata to the file but that could very well result in filesystem corruption so I don't see that as being such a good idea.
well as mentioned earlier basic metadata like access time and modification time is changed but besides that I can't think of any other data that could leak by simply mounting and writing to a TC file in Tails.