I have IEF looking at an unallocated cluster for a search hit, and it pulls the date/time.
Looking at this image below, it is my understanding that the yellow box B02D8366550Ac801
is the last access time. What format is this time stored in? FILETIME? Also, any converters?
Depends on what IEF has found. If it's one artifact, it could be FILETIME. Another, it might be Unix time. Without putting context to what IEF found, you're just mindlessly regurgitating reports.
You have to be smarter than your tools.
Running it through Sanderson DateDecode gives a FILETIME of 10/9/2007. Not unreasonable. It gives a Unix 100 nanoseconds format of 9/4/2010. Seems more likely. And it gives a NSDate of 1/1/2001. NSDate isn't used for any internet artifacts, that I am aware of.
Terry
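Added example, not part of either post: a Python sketch that decodes the eight bytes from the question under several 8-byte timestamp formats, so the candidates can be weighed against case context as the reply above suggests. The function names and the plausibility window are assumptions made for illustration; the NSDate reading treats the bytes as a little-endian double of seconds since 2001-01-01.

```python
import struct
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=UTC)   # Windows FILETIME: 100 ns ticks
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=UTC)
NSDATE_EPOCH = datetime(2001, 1, 1, tzinfo=UTC)     # NSDate: seconds as a double


def _add(epoch, **delta):
    """epoch + timedelta, or None when the result is not a representable date."""
    try:
        return epoch + timedelta(**delta)
    except (OverflowError, ValueError):   # out of range, or NaN/inf from the double
        return None


def decode_candidates(hex_bytes):
    """Decode 8 raw bytes under several timestamp formats; None = not a date."""
    raw = bytes.fromhex(hex_bytes)
    if len(raw) != 8:
        raise ValueError("expected exactly 8 bytes")
    le = int.from_bytes(raw, "little")
    be = int.from_bytes(raw, "big")
    as_double = struct.unpack("<d", raw)[0]
    return {
        "FILETIME (little-endian)": _add(FILETIME_EPOCH, microseconds=le // 10),
        "FILETIME (big-endian)": _add(FILETIME_EPOCH, microseconds=be // 10),
        "Unix seconds (uint64 LE)": _add(UNIX_EPOCH, seconds=le),
        "NSDate (double LE)": _add(NSDATE_EPOCH, seconds=as_double),
    }


def plausible(candidates, earliest, latest):
    """Keep only decodings that fall inside the window the case context allows."""
    return {k: v for k, v in candidates.items() if v and earliest <= v <= latest}


if __name__ == "__main__":
    found = decode_candidates("B02D8366550Ac801")   # bytes from the question
    for name, value in found.items():
        print(f"{name:26} {value.isoformat() if value else 'not a valid date'}")
    # Assumed case timeframe; set it from what is known about the evidence.
    window = (datetime(2005, 1, 1, tzinfo=UTC), datetime(2012, 1, 1, tzinfo=UTC))
    print(plausible(found, *window))
```

Read as a double, these bytes are a value vanishingly close to zero, which is why an NSDate decoding lands exactly on its 2001-01-01 epoch.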
Huh, I ran it through Sanderson DateDecode and it was just blank, hence why I was wondering why I thought it was strange.
The date should be 10/9/2007 918 UTC, so sounds right.