Decode - Forensic Date/Time Decoder

Decode - Forensic Date/Time Decoder

This utility was designed to decode the various date/time values found embedded within binary and other file types. This release now supports the following date/time formats and will allow you to specify the offset from GMT.

• Windows 64 Bit (Little Endian) Date & Time

• Windows 64 Bit (Big Endian) Date & Time

• Windows Cookie Format Date & Time

• Windows Filetime Format Date & Time

• Unix 32 Bit (Little Endian) Date & Time

• Unix 32 Bit (Big Endian) Date & Time

• Unix Numeric Date & Time

• MAC Absolute Date & Time

• MS-DOS 32 Bit Date & Time

• HFS 32 Bit (Little Endian) Date & Time

• HFS 32 Bit (Big Endian) Date & Time

• HFS+ 32 Bit (Little Endian) Date & Time

• HFS+ 32 Bit (Big Endian) Date & Time

Date and time values are stored within Windows in various formats. For example, Internet History - index.dat, recycle bin INFO files, windows link files and Microsoft Office documents all contain a 64bit date/time structure.

During a forensic examination, you may need to decode a date or verify the date provided to you by forensic software. This is where decode comes in. Decode can take a decimal value or a HEX value and convert it into a date & time in a variety of formats.

Download Decode

-- Anish