Name | time-decode JSON |
Version |
8.0.0
JSON |
| download |
home_page | None |
Summary | Python 3 timestamp decode/encode tool |
upload_time | 2024-07-15 22:46:08 |
maintainer | None |
docs_url | None |
author | None |
requires_python | >=3.6 |
license | MIT License Copyright (c) 2023 Corey Forman Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
keywords |
digital forensics
dfir
timestamp
decode
encode
|
VCS |
|
bugtrack_url |
|
requirements |
No requirements were recorded.
|
Travis-CI |
No Travis.
|
coveralls test coverage |
No coveralls.
|
# Time Decode
A Python 3 timestamp and date decoder/encoder.
I noticed a lack of timestamp conversion utilities in a number of different linux systems. Since I happen to use linux in my day-to-day work I thought this would help.
This was developed with the Digital Forensics field in mind, so all of the testing has been done with the up-to-date SIFT Kit from SANS.
If you have any questions, suggestions, helpful thoughts of any kind, please feel free to drop me a line.
# Requirements
For python3, dateutil does not come pre-installed as a module. It will need to be installed manually:
`sudo apt-get install python3-dateutil` or `python3 -m pip install python-dateutil`
# Install
`python3 -m pip install time-decode` or `python3 -m pip install git+https://github.com/digitalsleuth/time_decode`
This python script provides the following conversions from existing timestamps:
- 128-bit SYSTEMTIME
- 32-bit MS-DOS time, result is Local
- Active Directory value
- Apache Cookie
- Apple Biome hex value
- Apple Biome 64-bit decimal value
- Bitwise decimal 10-digit
- BPlist (as NSDate)
- Cocoa Core (as NSDate)
- DHCP6 DUID
- Discord URL
- exFAT
- FAT Date + Time (wFat)
- FILETIME
- GMail Boundary
- GMail Message ID
- Google Chrome value
- Google EI URL
- GPS
- GSM
- HFS(+) BE, HFS Local, HFS+ UTC
- HFS(+) LE, HFS Local, HFS+ UTC
- Hotmail
- iOS 11+ (as NSDate)
- Julian Decimal date
- Julian Hex date
- KSUID 27-character
- KSUID 9-digit
- LEB128 hex
- Mac Absolute Time (as NSDate)
- Mac OS/HFS+ Decimal Time
- Mastodon URL
- Metasploit Payload UUID
- Motorola's 6-byte
- Mozilla's PRTime
- MS Excel 1904 Date
- .NET DateTime
- Nokia 4-byte
- Nokia 4-byte LE
- Nokia S40 7-byte
- Nokia S40 7-byte LE
- OLE Automation Date
- S32 Encoded (BlueSky Social)
- Samsung/LG 4-byte
- Semi-Octet decimal value
- Sonyflake URL
- Symantec's 6-byte AV
- TikTok URL
- Twitter URL
- Unix Hex 32-bit BE
- Unix Hex 32-bit LE
- Unix Milliseconds
- Unix Milliseconds (hex)
- Unix Seconds
- UUID
- VMWare Snapshot (.vmsd)
- Windows 64-bit Hex BE
- Windows 64-bit Hex LE
- Windows Cookie Date (Low,High)
- Windows OLE 64-bit BE (SRUM as well)
- Windows OLE 64-bit LE
Note that HFS times are in Local Time, where HFS+ times are in UTC. MS-DOS 32 bit Hex values and MS-DOS FAT Date+Time are also in Local Time of the source generating the timestamp. All other times, unless expressly mentioned, are in UTC.
I have added a feature to 'guess' in what format the timestamp is that you've provided. This will run the timestamp you provide against all methods, and provide an output if human-readable.
There is also the ability to convert a date-time to all of the aforementioned timestamps. Simply use the following command:
`time-decode --timestamp "2017-06-02 13:14:15.678"`
or for timezones use:
`time-decode --timestamp "2017-06-02 13:14:15 -5"`
The date/time you enter should be in the "YYYY-mm-dd HH:MM:SS.sss" format with the double-quote included, but does not require milli/micro/nano seconds to work. (Double-quote required for Windows Python)
If anyone has any other timestamps they think should be added to this tool, please let me know.
References/Sources for all material can also be found in the docstrings in the python script.
Raw data
{
"_id": null,
"home_page": null,
"name": "time-decode",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": "\"Corey Forman (digitalsleuth)\" <github@digitalsleuth.ca>",
"keywords": "digital forensics, dfir, timestamp, decode, encode",
"author": null,
"author_email": "\"Corey Forman (digitalsleuth)\" <github@digitalsleuth.ca>",
"download_url": "https://files.pythonhosted.org/packages/20/1d/58c22cd002c063c9fdd354d15af53b15641cc16999762aed665980e39606/time_decode-8.0.0.tar.gz",
"platform": null,
"description": "# Time Decode\nA Python 3 timestamp and date decoder/encoder. \n\nI noticed a lack of timestamp conversion utilities in a number of different linux systems. Since I happen to use linux in my day-to-day work I thought this would help.\n\nThis was developed with the Digital Forensics field in mind, so all of the testing has been done with the up-to-date SIFT Kit from SANS.\nIf you have any questions, suggestions, helpful thoughts of any kind, please feel free to drop me a line.\n\n# Requirements\nFor python3, dateutil does not come pre-installed as a module. It will need to be installed manually:\n\n`sudo apt-get install python3-dateutil` or `python3 -m pip install python-dateutil`\n\n# Install\n`python3 -m pip install time-decode` or `python3 -m pip install git+https://github.com/digitalsleuth/time_decode`\n\nThis python script provides the following conversions from existing timestamps:\n\n- 128-bit SYSTEMTIME\n- 32-bit MS-DOS time, result is Local\n- Active Directory value\n- Apache Cookie\n- Apple Biome hex value\n- Apple Biome 64-bit decimal value\n- Bitwise decimal 10-digit\n- BPlist (as NSDate)\n- Cocoa Core (as NSDate)\n- DHCP6 DUID\n- Discord URL\n- exFAT\n- FAT Date + Time (wFat)\n- FILETIME\n- GMail Boundary\n- GMail Message ID\n- Google Chrome value\n- Google EI URL\n- GPS\n- GSM\n- HFS(+) BE, HFS Local, HFS+ UTC\n- HFS(+) LE, HFS Local, HFS+ UTC\n- Hotmail\n- iOS 11+ (as NSDate)\n- Julian Decimal date\n- Julian Hex date\n- KSUID 27-character\n- KSUID 9-digit\n- LEB128 hex\n- Mac Absolute Time (as NSDate)\n- Mac OS/HFS+ Decimal Time\n- Mastodon URL\n- Metasploit Payload UUID\n- Motorola's 6-byte\n- Mozilla's PRTime\n- MS Excel 1904 Date\n- .NET DateTime\n- Nokia 4-byte\n- Nokia 4-byte LE\n- Nokia S40 7-byte\n- Nokia S40 7-byte LE\n- OLE Automation Date\n- S32 Encoded (BlueSky Social)\n- Samsung/LG 4-byte\n- Semi-Octet decimal value\n- Sonyflake URL\n- Symantec's 6-byte AV\n- TikTok URL\n- Twitter URL\n- Unix Hex 32-bit BE\n- Unix Hex 32-bit LE\n- Unix Milliseconds\n- Unix Milliseconds (hex)\n- Unix Seconds\n- UUID\n- VMWare Snapshot (.vmsd)\n- Windows 64-bit Hex BE\n- Windows 64-bit Hex LE\n- Windows Cookie Date (Low,High)\n- Windows OLE 64-bit BE (SRUM as well)\n- Windows OLE 64-bit LE\n\nNote that HFS times are in Local Time, where HFS+ times are in UTC. MS-DOS 32 bit Hex values and MS-DOS FAT Date+Time are also in Local Time of the source generating the timestamp. All other times, unless expressly mentioned, are in UTC.\n\nI have added a feature to 'guess' in what format the timestamp is that you've provided. This will run the timestamp you provide against all methods, and provide an output if human-readable.\nThere is also the ability to convert a date-time to all of the aforementioned timestamps. Simply use the following command:\n\n`time-decode --timestamp \"2017-06-02 13:14:15.678\"`\nor for timezones use:\n`time-decode --timestamp \"2017-06-02 13:14:15 -5\"`\n\nThe date/time you enter should be in the \"YYYY-mm-dd HH:MM:SS.sss\" format with the double-quote included, but does not require milli/micro/nano seconds to work. (Double-quote required for Windows Python)\nIf anyone has any other timestamps they think should be added to this tool, please let me know.\n\nReferences/Sources for all material can also be found in the docstrings in the python script.\n",
"bugtrack_url": null,
"license": "MIT License Copyright (c) 2023 Corey Forman Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ",
"summary": "Python 3 timestamp decode/encode tool",
"version": "8.0.0",
"project_urls": {
"Homepage": "https://github.com/digitalsleuth/time_decode",
"References": "https://github.com/digitalsleuth/time_decode/blob/master/REFERENCES.md"
},
"split_keywords": [
"digital forensics",
" dfir",
" timestamp",
" decode",
" encode"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "8871c95204115c2c9a9a08b03efe831baeba5b57a8fe5c5c8c47d2f89f70f7fd",
"md5": "7a0198de555faf558d41bebad8de12ff",
"sha256": "01e8524c492595a6bc042227da98a34e7119f1eb0ced6b20a848b78a833977ae"
},
"downloads": -1,
"filename": "time_decode-8.0.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "7a0198de555faf558d41bebad8de12ff",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 41123,
"upload_time": "2024-07-15T22:46:06",
"upload_time_iso_8601": "2024-07-15T22:46:06.813296Z",
"url": "https://files.pythonhosted.org/packages/88/71/c95204115c2c9a9a08b03efe831baeba5b57a8fe5c5c8c47d2f89f70f7fd/time_decode-8.0.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "201d58c22cd002c063c9fdd354d15af53b15641cc16999762aed665980e39606",
"md5": "467f1242a27049ab3b805d05546bf40b",
"sha256": "e25b03f315128059c59c86dbf69ed44f5f29398d87efb74bbd218b7cb8c5c6e4"
},
"downloads": -1,
"filename": "time_decode-8.0.0.tar.gz",
"has_sig": false,
"md5_digest": "467f1242a27049ab3b805d05546bf40b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 41884,
"upload_time": "2024-07-15T22:46:08",
"upload_time_iso_8601": "2024-07-15T22:46:08.630871Z",
"url": "https://files.pythonhosted.org/packages/20/1d/58c22cd002c063c9fdd354d15af53b15641cc16999762aed665980e39606/time_decode-8.0.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-07-15 22:46:08",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "digitalsleuth",
"github_project": "time_decode",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "time-decode"
}