
Bug#994594: ITP: time-decode -- timestamp decoder and converter



Package: wnpp
Severity: wishlist
Owner: Jan Gru <j4n6ru@gmail.com>
X-Debbugs-Cc: debian-devel@lists.debian.org, debian-security-tools@lists.debian.org

* Package name    : time-decode
  Version         : 3.1.1
  Upstream Author : Corey Forman
* URL             : https://github.com/digitalsleuth/time_decode
* License         : MIT
  Programming Lang: Python
  Description     : timestamp decoder and converter

time-decode provides the functionality to decode various timestamps
and UUIDs to aid digital forensics and incident response
processes. The supported formats range from common ones, like Unix
epochs, WebKit/Chrome timestamps and Microsoft's FILETIME to more
exotic formats like LDAP/Active Directory timestamps and Metasploit
payload UUIDs. In addition, even timestamps used by some social media
services, like Twitter, are included.

** Relevance of the package
In most DFIR investigations temporal information is particularly
important. Analysts often stumble over various timestamps and need to
convert and normalize them quickly. While toolkits like plaso can help
with the normalization of logfiles in bulk, Debian's package archives
lack tooling for the convenient conversion of single timestamps of
either known or unknown format. Given this finding and my experience
from using it, time-decode seems to be a valuable prospective package
to round off Debian's collection of forensic tools.

** Maintenance plan
I suggest maintaining time-decode inside the pkg-security-team's
repository on salsa, since most of the packages related to forensics
live there. However, I am looking for a sponsor for this package -
ideally a member of the pkg-security-team.
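
Added example (not part of the original message and not time-decode's own code): a sketch of how a single integer of unknown format can be tried against three of the formats named in the description, keeping only the decodings that land in a plausible date window. The function names and the default 1990-2040 window are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# WebKit/Chrome, FILETIME and LDAP/Active Directory all count from 1601-01-01 UTC.
WINDOWS_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def unix_seconds(value):
    """Seconds since 1970-01-01 UTC."""
    return UNIX_EPOCH + timedelta(seconds=value)


def webkit_chrome(value):
    """Microseconds since 1601-01-01 UTC."""
    return WINDOWS_EPOCH + timedelta(microseconds=value)


def filetime_ldap(value):
    """100-nanosecond ticks since 1601-01-01 UTC (FILETIME and the
    18-digit LDAP/Active Directory timestamp share this encoding)."""
    return WINDOWS_EPOCH + timedelta(microseconds=value // 10)


DECODERS = {
    "unix_seconds": unix_seconds,
    "webkit_chrome": webkit_chrome,
    "filetime_ldap": filetime_ldap,
}


def candidates(value,
               earliest=datetime(1990, 1, 1, tzinfo=timezone.utc),
               latest=datetime(2040, 1, 1, tzinfo=timezone.utc)):
    """Return {format_name: datetime} for every decoding inside the window.

    The window is an analyst-chosen assumption: it discards decodings such
    as a Unix epoch read as FILETIME, which lands in the year 1601.
    """
    plausible = {}
    for name, decode in DECODERS.items():
        try:
            moment = decode(value)
        except OverflowError:
            continue  # value too large for this format's unit
        if earliest <= moment <= latest:
            plausible[name] = moment
    return plausible


if __name__ == "__main__":
    # Constructed sample values: the same instant in each of the three formats.
    for raw in (1631923200, 13276396800000000, 132763968000000000):
        print(raw, candidates(raw))
```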

