    A brief history of time stamps


    There are various methods of recording dates and times on computers and computing devices, and as a forensic investigator it is useful to understand the main formats and why dates are stored in the way that they are. For those of us who like to delve a little deeper into file formats, some familiarity with how these dates ‘look’ in a hex dump can help when reverse engineering a new file format.

    During this short discourse I will be presenting screenshots taken using software developed by Sanderson Forensics – RevEnge. ...
    RevEnge is a fully featured hex viewer designed with reverse engineering in mind, hence the name. It comes packed with features not seen in other hex viewers, such as its ability to perform on-the-fly decompression of ZLib-compressed data, display and search for dates in multiple date formats, and decode SMS messages encoded in GSM PDU 7-bit ASCII.