Python 3 timestamp decode/encode tool
Project description
Time Decode
A Python 3 timestamp and date decoder/encoder.
I noticed a lack of timestamp conversion utilities in a number of different linux systems. Since I happen to use linux in my day-to-day work I thought this would help.
This was developed with the Digital Forensics field in mind, so all of the testing has been done with the up-to-date SIFT Kit from SANS. If you have any questions, suggestions, helpful thoughts of any kind, please feel free to drop me a line.
Requirements
For python3, dateutil does not come pre-installed as a module. It will need to be installed manually:
sudo apt-get install python3-dateutil
or python3 -m pip install python-dateutil
Install
python3 -m pip install time-decode
or python3 -m pip install git+https://github.com/digitalsleuth/time_decode
This python script provides the following conversions from existing timestamps:
- 128-bit SYSTEMTIME
- 32-bit MS-DOS time, result is Local
- Active Directory value
- Bitwise decimal 10-digit
- DHCP6 DUID
- Discord URL
- FAT Date + Time (wFat)
- FILETIME
- GMail Boundary
- GMail Message ID
- Google Chrome value
- Google EI URL (thanks to http://cheeky4n6monkey.blogspot.com/2014/10/google-eid.html)
- GPS
- GSM
- HFS(+) BE, HFS Local, HFS+ UTC
- HFS(+) LE, HFS Local, HFS+ UTC
- Hotmail
- iOS 11
- iOS Binary Plist (Mac Absolute + milli/nano seconds)
- KSUID 27-character
- KSUID 9-digit
- Mac Absolute Time
- Mac OS/HFS+ Decimal Time
- Mastodon URL
- Metasploit Payload UUID
- Motorola's 6-byte
- Mozilla's PRTime
- MS Excel 1904 Date
- .NET DateTime
- Nokia 4-byte
- Nokia 4-byte LE
- Nokia S40 7-byte
- Nokia S40 7-byte LE
- OLE Automation Date
- Samsung/LG 4-byte
- Sonyflake URL (Sony version of Twitter Snowflake)
- Symantec's 6-byte AV
- TikTok URL
- Twitter URL
- Unix Hex 32-bit BE
- Unix Hex 32-bit LE
- Unix Milliseconds
- Unix Seconds
- UUID
- VMWare Snapshot (.vmsd)
- Windows 64-bit Hex BE
- Windows 64-bit Hex LE
- Windows Cookie Date (Low,High)
- Windows OLE 64-bit BE (SRUM as well)
- Windows OLE 64-bit LE
Note that HFS times are in Local Time, where HFS+ times are in UTC. MS-DOS 32 bit Hex values and MS-DOS FAT Date+Time are also in Local Time of the source generating the timestamp. All other times, unless expressly mentioned, are in UTC.
I have added a feature to 'guess' in what format the timestamp is that you've provided. This will run the timestamp you provide against all methods, and provide an output if human-readable. There is also the ability to convert a date-time to all of the aforementioned timestamps. Simply use the following command:
time-decode --timestamp "2017-06-02 13:14:15.678"
or for timezones use:
time-decode --timestamp "2017-06-02 13:14:15 -5"
The date/time you enter should be in the "YYYY-mm-dd HH:MM:SS.sss" format with the double-quote included, but does not require milli/micro/nano seconds to work. (Double-quote required for Windows Python) If anyone has any other timestamps they think should be added to this tool, please let me know.
References/Sources for all material can be found in the docstrings in the python script.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for time_decode-4.0.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 7f65f1496de3a366f4115b5863d6a7d2cb09fbc20aeb11b85c25cc1dda08c716 |
|
MD5 | 0107d6bb22518faf6437c1c1b2d1db7e |
|
BLAKE2b-256 | 44cc1dd18f1487122ba4270ce35508f658f9bb5e8fe94a5ea7bc3e0c98cfdfba |