I am new to Python (non-programmer writing my first useful program). I am writing a script for forensic investigations and have run into a few problems with regards to time zones.
By using:
file.seek(16)
z[1] = time.gmtime(((struct.unpack("=Q", file.read( 8 ))[0])/10000000)-11644473600)
I can get the date information correctly. I can then turn that into a string with time.strftime.
Now, when I create timelines, I want to be able to match all of the time stamps to the timezone of the suspect computer; ergo, I need to be able to specify the time zone for output at the cmd prompt.
Here's my problem. The only way I know to properly extract the time from the file is with the above command. If I do that, I cannot change or modify time.struct tuple to reflect the timezone change that I need.
Now, if I could get the time via timedata (or in a float that timedata could read), I could use the timedelta function to add/subtract the timezone. Unfortunately, I cannot extract the time from the binary file via any format that timedata can use.
Can anyone point me in the right direction?
:ahhhh:
By using:
file.seek(16)
z[1] = time.gmtime(((struct.unpack("=Q", file.read( 8 ))[0])/10000000)-11644473600)
I can get the date information correctly. I can then turn that into a string with time.strftime.
Now, when I create timelines, I want to be able to match all of the time stamps to the timezone of the suspect computer; ergo, I need to be able to specify the time zone for output at the cmd prompt.
Here's my problem. The only way I know to properly extract the time from the file is with the above command. If I do that, I cannot change or modify time.struct tuple to reflect the timezone change that I need.
Now, if I could get the time via timedata (or in a float that timedata could read), I could use the timedelta function to add/subtract the timezone. Unfortunately, I cannot extract the time from the binary file via any format that timedata can use.
Can anyone point me in the right direction?
:ahhhh: