One of the most important parts of digital forensics is working out when things happened. When did a file get last accessed or modified? When did a user access this website? What was happened yesterday at 4.30PM? This would be very easy if the entire world was based in UTC, or at least all operating systems and log files stored time in UTC in the same format. Instead, we have various mixtures of UTC and local time, stored in Windows time format (100 nanosecond intervals since Jan 1st 1601) or Unix epoch format (seconds since Jan 1st 1970), a plain string format or however each programming language decides to encode time. This is especially important when doing forensics for global companies where the investigation can be carried out on several computers spanning different timezones, and the investigator is in a different timezone too. Establishing a common timezone is imperative, so not to get lost with local times and correlating evidence. Even on the same machine this is difficult - the Windows registry is in UTC, but setupapi.log and other important log file are in localtime.
Skye Google MP3 sharing RIPA malware Gullane binky Itiel Dror restaurant induction cases Machame camp Google Chrome UK Cyber Security Strategy answers intelligence Windows Number One Brigitte Reusch DNA stew Data Protection Act SMS Hayes commands piggy bank Mendeley risotto The cloud Lake Como O2 timestamps Post Secret steganography search rock government compSIA. Security+ tags lectures gig magnets Routine Activities Theory Girl Geeks AJAX Geocities résumé usability bibliography IE favicon shoes guidelines birthday paradox Registry Belgium fabrics treats sewing Michelin restaurant altitude sickness