Provided by: time-decode_4.2.0-2_all
NAME
Time-decode - timestamp decoder and converter
SYNOPSIS
time-decode [-h] [--unix] [--umil] [--wh] [--whle] [--chrome] [--active] [--uhbe] [--uhle] [--cookie] [--oleb] [--olel] [--mac] [--hfsdec] [--hfsbe] [--hfsle] [--fat] [--msdos] [--systime] [--ft] [--hotmail] [--pr] [--auto] [--ms1904] [--ios] [--sym] [--gps] [--eitime] [--bplist] [--gsm] [--vm] [--tiktok] [--twitter] [--discord] [--ksuid] [--mastodon] [--meta] [--sony] [--uu][--guess] [--timestamp [DATE]] [--version]
DESCRIPTION
time-decode provides the functionality to decode various timestamps and UUIDs to aid digital forensics and incident response processes. The supported formats range from common ones, like Unix epochs, WebKit/Chrome timestamps and Microsoft's FILETIME to more exotic formats like LDAP/Active Directory timestamps and Metasploit payload UUIDs. In addition, even timestamps used by some social media services, like Twitter, are included.
OPTIONS
-h, --help show this help message and exit --unix UNIX convert from Unix Seconds --umil UMIL convert from Unix Milliseconds --wh WH convert from Windows 64-bit Hex BE --whle WHLE convert from Windows 64-bit Hex LE --chrome CHROME convert from Google Chrome time --active ACTIVE convert from Active Directory value --uhbe UHBE convert from Unix Hex 32-bit BE --uhle UHLE convert from Unix Hex 32-bit LE --cookie COOKIE convert from Windows Cookie Date (Low Value,High Value) --oleb OLEB convert from Windows OLE 64-bit BE - remove 0x and spaces! example from SRUM: 0x40e33f5d 0x97dfe8fb should be 40e33f5d97dfe8fb --olel OLEL convert from Windows OLE 64-bit LE --mac MAC convert from Mac Absolute Time --hfsdec HFSDEC convert from Mac OS/HFS+ Decimal Time --hfsbe HFSBE convert from HFS(+) BE times (HFS = Local, HFS+ = UTC) --hfsle HFSLE convert from HFS(+) LE times (HFS = Local, HFS+ = UTC) --fat FAT convert from FAT Date + Time (wFat) --msdos MSDOS convert from 32-bit MS-DOS time - result is Local Time --systime SYSTIME convert from 128-bit SYSTEMTIME --ft FT convert from FILETIME timestamp --hotmail HOTMAIL convert from a Hotmail timestamp --pr PR convert from Mozilla's PRTime --auto AUTO convert from OLE Automation Date format --ms1904 MS1904 convert from MS Excel 1904 Date format --ios IOS convert from iOS 11 timestamp --sym SYM convert from Symantec's 12-byte AV timestamp --gps GPS convert from a GPS timestamp --eitime EITIME convert from a Google EI URL timestamp --bplist BPLIST convert from an iOS Binary Plist timestamp --gsm GSM convert from a GSM timestamp --vm VM convert from a VMWare Snapshot (.vmsd) timestamp enter as "high value,low value" --tiktok TIKTOK convert from a TikTok URL value --twitter TWITTER convert from a Twitter URL value --discord DISCORD convert from a Discord URL value --ksuid KSUID convert from a KSUID value --mastodon MASTODON convert from a Mastodon URL value --meta META convert from a Metasploit Payload UUID --sony SONY convert from a Sonyflake URL value --uu UU convert from a UUID: 00000000-0000-0000-0000-000000000000 --guess GUESS guess timestamp and output all reasonable possibilities --timestamp [DATE] convert date to every timestamp enter date as "YYYY-MM-DD HH:MM:SS.f" in 24h fmt. without any argument given, the current date/time will be converted --version, -v show program's version number and exit
EXAMPLES
Guess the timestamp format and present most probable results time-decode --guess 1631902084 Convert multiple timestamps of different formats at once time-decode --unix 1631902084 --umil 1631951802869 Extract time from a UUID time-decode --uu b54adc00-67f9-11d9-9669-0800200c9a66 Convert the current datetime to all implemented timestamp formats time-decode --timestamp Convert a specific datetime to all implemented timestamp formats time-decode --timestamp "2020-09-17 20:00:00.123"
AUTHORS
Written by Corey Forman
REPORTING BUGS
When submitting a bug report, please include a description of the problem, how you found it, and your contact information. Submit bug reports to: https://github.com/digitalsleuth/time_decode
COPYRIGHT
This project is licensed under terms of the MIT License - https://opensource.org/licenses/MIT. Copyright by Corey Forman This manual page was written by Jan Gruber <j4n6ru@gmail.com>, for the Debian project (and may be used by others).
SEE ALSO
Additional information on time-decode appears in the README file, distributed with the time-decode source code.