Timestamps need "Z" for timezone

ajnelson / sleuthkit

The Sleuth Kit (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

http://www.sleuthkit.org/sleuthkit/

1 stars 0 forks source link

Timestamps need "Z" for timezone #12

Closed ajnelson closed 11 years ago

ajnelson commented 11 years ago

This is a semi-regression from alpha2 to beta1: The FAT code correctly removes timezones from timestamps by default. However, XTAF stores its timestamps as UTC, so Z is appropriate once again.

ajnelson commented 11 years ago

Per the top of fiwalk.cpp's definition of file_infot, this looks like the macro for TSK_FS_TYPE_ISFAT is interpreting XTAF types as FAT types.

ajnelson commented 11 years ago

Resolved in 37ac5c8988373779871496d8f4f45de9a2ca4695.