thomhughes / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

suggested output change to netscan #81

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
When testing netscan, I noticed that for entries without a create time 
(listening sockets, for example), the printed create date was 1/1/70 
00:00:00. While most programmers know about this date, it will certainly be 
unfamiliar to a number of people using Volatility. It will also really mess up 
people if they build timeliners based off the output. 

I think the output function here:

http://code.google.com/p/volatility/source/browse/branches/Volatility-1.4_rc1/volatility/plugins/netscan.py#248

should check the incoming ctime and if it's equal to the 1/1/70 date then it 
should be overwritten to 0 (or something else obvious) for clarity.

Original issue reported on code.google.com by atc...@gmail.com on 15 Feb 2011 at 4:59

GoogleCodeExporter commented 9 years ago
I second this suggestion.  I can see how "1/1/70 00:00:00" will lead to 
confusion for a lot of users...  Maybe if we put dashes instead of the date?

Original comment by jamie.l...@gmail.com on 15 Feb 2011 at 4:21

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r792.

Original comment by mike.auty@gmail.com on 15 Feb 2011 at 8:14
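
A sketch of the check proposed in this thread, added here as an illustration; it is not the code from revision r792 or from Volatility itself. It assumes the create time arrives as a Windows FILETIME integer with 0 (or None) meaning unset, and the function names and sample rows are constructed for the example.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
UNSET = "-"  # placeholder printed instead of a misleading 1970 date

# Constructed sample rows: (proto, local address, state, create time as FILETIME).
# Assumption: an unset create time is stored as 0.
SAMPLE_ROWS = [
    ("TCPv4", "0.0.0.0:135", "LISTENING", 0),
    ("TCPv4", "192.0.2.10:49201", "ESTABLISHED", 129422627400000000),
    ("UDPv4", "0.0.0.0:5355", "", None),
]


def filetime_to_datetime(filetime):
    """Return an aware UTC datetime, or None if the value is unset or implausible."""
    if not filetime or filetime < 0:
        return None
    try:
        when = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    except OverflowError:  # beyond datetime's year 9999 limit
        return None
    # Treat anything at or before the Unix epoch as unset too (a choice made here).
    return when if when > UNIX_EPOCH else None


def format_ctime(filetime):
    when = filetime_to_datetime(filetime)
    return when.strftime("%Y-%m-%d %H:%M:%S") if when else UNSET


def render_rows(rows):
    """Format rows for display; unset create times show as UNSET."""
    fmt = "{0:<6} {1:<22} {2:<12} {3}"
    return [fmt.format(p, a, s, format_ctime(ft)) for p, a, s, ft in rows]


def timeline(rows):
    """Keep only rows with a real create time, ordered oldest first."""
    dated = [(filetime_to_datetime(ft), p, a) for p, a, _s, ft in rows]
    return sorted(row for row in dated if row[0] is not None)


if __name__ == "__main__":
    print("\n".join(render_rows(SAMPLE_ROWS)))
    print(timeline(SAMPLE_ROWS))
```

Returning None from the converter, rather than a formatted string, lets the display code print a dash while a timeline builder drops the entry instead of sorting it to 1970.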