Scroll to navigation

TIME-DECODE(1) General Commands Manual TIME-DECODE(1)

NAME

Time-decode - timestamp decoder and converter

SYNOPSIS

time-decode [-h] [--unix] [--umil] [--wh] [--whle] [--chrome] [--active] [--uhbe] [--uhle] [--cookie] [--oleb] [--olel] [--mac] [--hfsdec] [--hfsbe] [--hfsle] [--fat] [--msdos] [--systime] [--ft] [--hotmail] [--pr] [--auto] [--ms1904] [--ios] [--sym] [--gps] [--eitime] [--bplist] [--gsm] [--vm] [--tiktok] [--twitter] [--discord] [--ksuid] [--mastodon] [--meta] [--sony] [--uu][--guess] [--timestamp [DATE]] [--version]

DESCRIPTION

time-decode provides the functionality to decode various timestamps and UUIDs to aid digital forensics and incident response processes. The supported formats range from common ones, like Unix epochs, WebKit/Chrome timestamps and Microsoft's FILETIME to more exotic formats like LDAP/Active Directory timestamps and Metasploit payload UUIDs. In addition, even timestamps used by some social media services, like Twitter, are included.

OPTIONS

show this help message and exit
convert from Unix Seconds
convert from Unix Milliseconds
convert from Windows 64-bit Hex BE
convert from Windows 64-bit Hex LE
convert from Google Chrome time
convert from Active Directory value
convert from Unix Hex 32-bit BE
convert from Unix Hex 32-bit LE
convert from Windows Cookie Date (Low Value,High Value)
convert from Windows OLE 64-bit BE - remove 0x and spaces!
example from SRUM: 0x40e33f5d 0x97dfe8fb should be 40e33f5d97dfe8fb
convert from Windows OLE 64-bit LE
convert from Mac Absolute Time
convert from Mac OS/HFS+ Decimal Time
convert from HFS(+) BE times (HFS = Local, HFS+ = UTC)
convert from HFS(+) LE times (HFS = Local, HFS+ = UTC)
convert from FAT Date + Time (wFat)
convert from 32-bit MS-DOS time - result is Local Time
convert from 128-bit SYSTEMTIME
convert from FILETIME timestamp
convert from a Hotmail timestamp
convert from Mozilla's PRTime
convert from OLE Automation Date format
convert from MS Excel 1904 Date format
convert from iOS 11 timestamp
convert from Symantec's 12-byte AV timestamp
convert from a GPS timestamp
convert from a Google EI URL timestamp
convert from an iOS Binary Plist timestamp
convert from a GSM timestamp
convert from a VMWare Snapshot (.vmsd) timestamp
enter as "high value,low value"
convert from a TikTok URL value
convert from a Twitter URL value
convert from a Discord URL value
convert from a KSUID value
convert from a Mastodon URL value
convert from a Metasploit Payload UUID
convert from a Sonyflake URL value
convert from a UUID: 00000000-0000-0000-0000-000000000000
guess timestamp and output all reasonable possibilities
convert date to every timestamp
enter date as "YYYY-MM-DD HH:MM:SS.f" in 24h fmt.
without any argument given, the current date/time will be converted
show program's version number and exit

EXAMPLES

Guess the timestamp format and present most probable results

time-decode --guess 1631902084


Convert multiple timestamps of different formats at once






time-decode --unix 1631902084 --umil 1631951802869 






Extract time from a UUID






time-decode --uu b54adc00-67f9-11d9-9669-0800200c9a66 






Convert the current datetime to all implemented timestamp
  formats






time-decode --timestamp






Convert a specific datetime to all implemented timestamp
  formats






time-decode --timestamp "2020-09-17 20:00:00.123"










AUTHORS


Written by Corey Forman








REPORTING BUGS


When submitting a bug report, please include a description of the
    problem, how you found it, and your contact information. Submit bug reports
    to: https://github.com/digitalsleuth/time_decode








COPYRIGHT


This project is licensed under terms of the MIT License -
    https://opensource.org/licenses/MIT. Copyright by Corey Forman


This manual page was written by Jan Gruber
    <j4n6ru@gmail.com>, for the Debian project (and may be used by
    others).








SEE ALSO


Additional information on time-decode appears in the README file,
    distributed with the time-decode source code.







  

    v3.1.1 - May 2021
    Corey Forman