Closed GoogleCodeExporter closed 8 years ago
Original comment by jamie.l...@gmail.com
on 30 Jul 2012 at 3:05
also shellbags (under registry)
Original comment by jamie.l...@gmail.com
on 27 Aug 2012 at 11:25
Any opinions on whether this is worth doing in time for 2.3?
Original comment by michael.hale@gmail.com
on 1 Feb 2013 at 4:28
Please take a look at the corrected implementation for UnixTimeStamp:
https://code.google.com/p/volatility/source/browse/branches/scudette/volatility/
plugins/overlays/basic.py#361
This already supports outputting in the required timezone which can be
specified on the command line. Essentially whenever any timestamp is printed
out it will be converted to the same timezone (and the offset is also always
shown). For example by default pslist shows times in UTC:
0x81e61da0 svchost.exe 940 668 13 312 0 False
2010-10-29 17:08:55+0000 -
But when specifying --timezone Australia/Sydney
0x81e61da0 svchost.exe 940 668 13 312 0 False
2010-10-30 04:08:55+1100 -
Posting this code to trunk should be very easy.
Original comment by scude...@gmail.com
on 1 Feb 2013 at 9:20
Thanks! Gleeda do you want to take a shot at this? It could be useful to your
timeliner plugin. Also it would be good to incorporate the timezone settings
for Linux/Mac timestamps. I'll set it as 2.3, but we can vote on if its a
release blocker or not. I just figured if its fairly easy and doesn't take too
much time, we might as well do it for 2.3 if we can.
Original comment by michael.hale@gmail.com
on 2 Feb 2013 at 6:41
sure I can take a stab at it :-)
Original comment by jamie.l...@gmail.com
on 2 Feb 2013 at 11:46
a partial fix has been committed in revision 3063. next we'll fix *nix
timestamps
Original comment by jamie.l...@gmail.com
on 6 Feb 2013 at 1:02
All nix, mac, and windows timestamps now use --tz
Original comment by michael.hale@gmail.com
on 2 Apr 2013 at 2:42
Original issue reported on code.google.com by
jamie.l...@gmail.com
on 30 Jul 2012 at 3:04