In the first of our new 'Digital Forensics Essentials' series, Principal Analyst, Alex Caithness, kicks things off with a dive into the epoch timestamp.
Establishing when an event occurred is a fundamental part of almost every digital investigation, so understanding how systems store timestamps is essential. In this vlog, Principal Analyst Alex Caithness, explains how one of the most common methods of encoding timestamps: the epoch timestamp, works.
The video covers the basic mechanism used to encode these timestamps, common formats, methods and tools to decode them (including CCL's Rabbithole data viewer and suggested coding functions Python, Excel and SQLite queries).
The topics covered in the video are also summarised in our handy cheat sheet which you can download here.