Browser (such as safari, chrome)'s history date&time are not set in the current timezone(ex. UTC+9)

[n-sangsasitorn]

Hello! I used storyline file to investigate the machine. After trying several times, even I used the browser all the time, but the event that coming upfront is those Syslog, Install event.

When I checked carefully, I found out that for the browser history (such as safari, chrome), the date and time is all in UTC+0 timezone while those Syslog, Install event etc. are in current time zone (UTC+9). So, the browser events' time is not aligned with the other events. I have tried with other mac computers as well. The behavior is the same, so timezone of browser history date&time is not in the current timezone.

As testing, I have tried running command on 28/03/2023 5pm (UTC+9 timezone) Safari history: shows the URL that I just opened on 7:57am

Storyline.csv

Could you check about it?

Thank you so much.

[n-sangsasitorn]

I tried again. Somehow, the timestamp of the event (both browser and syslog) becomes aligned in UTC+0 timezone. I'm not sure what is the reason of that behavior. Since timestamp shows in different timezone with us, so I use the script to process the timestamp to current timezone. It would be nice if the timestamp of the event is converted to timezone set by the mac computer automatically.

[stuartjash]

I am looking into this. Most of the different events on macOS are in different time formats - epoch, mac absolute, local timezone, utc, etc. So we are attempting to convert all of them to utc for consistency sake. It sounds like that isn't happening on all of the items (syslog, install events, etc). I will look into it. Lmk if I have any of that inaccurate.

[stuartjash]

I couldn't reproduce the issue of inconsistent timestamps. All times are converted to UTC +0 as I mentioned above. We can close this unless you start seeing timestamps unaligned again. Or feel free to open a feature request for converting timestamps to local instead of utc.

[n-sangsasitorn]

Thank you so much for confirmation. I will close this issue.

[n-sangsasitorn]

I opened this issue again as I started to see timestamps unaligned. This time, syslog is in my current timezone (UTC+9 or Japan Standard Time) while the other events is in UTC+0. It happened to both of my machines:

• Macbook Pro, Ventura OS
• Macbook Air, Monterey OS

I attached the storyline file for your reference (One is storyline.csv when I set Japan timezone and the another one is storyline.csv when I set UTC+0's timezone ) I ran Aftermath for UTC+0 first and then, I converted timezone back to JST, restarted, and ran Aftermath again for JST.

Thank you so much!

storyline_UTCtimezone.csv storyline_JapanStandardTime.csv

[stuartjash]

Thanks for the info. I found the issue and will have a fix in the next release.