Let’s talk about time – in a different blog

I wrote a blogpost, but in a different blog, which I nevertheless wanted to link to here. It is a blog that is maintained by a bunch of open source digital forensics and incident response people, some of whom are my current team mates.

The blogpost is about time. More specifically, it covers some general ideas and concepts around time, then explains how time is relevant in IT and why it is important in digital forensics. It also contains some recommendations that everyone can (and should) apply.

Here is an excerpt of the goal of the blog post:

Goal
This article explains the importance and challenges of time in digital forensics and incident response. You will learn how time is handled in various open source tools and get practical tips on managing time in your environment.

Are you curious? Go over to: https://osdfir.blogspot.com/2021/06/lets-talk-about-time.html

REMNux set time

REMNux is an awesome Unix distribution built by Lenny Zeltser for reverse engineering malware. It is built for out-of-the-box reversing.

The documentation is almost complete, but one point I was missing while using it is quite important: correct time settings!
In order to check certain logs, contain evidence, etc., you want an accurate time setting on the system.

First: set the right timezone:

sudo dpkg-reconfigure tzdata

The first option would be NTP:
sudo ntpdate ntp.ubuntu.com  # or your preferred NTP server (maybe in your lab environment)

Because of the content running on the system (malware samples), you might want to limit its network access, so NTP might not be available.
To set the date manually use:

sudo date $newdatetimestring
Format:
nnddhhmmyyyy.ss (month, day, hour in 24-hour clock, minute, year, seconds)

To print this string on another Unix system use the following command (%H gives the 24-hour clock hour that date expects; %I would give the 12-hour clock and set an afternoon time wrongly):
date "+%m%d%H%M%Y.%S"
040211422014.48

Copy this string and adjust it for the seconds that elapsed during the copy-and-paste process.
Check the resulting date setting with:
date
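The whole manual procedure above (generate the string on a reference machine, adjust it for the copy delay, validate it, hand it to date) as one added shell example. This is not code from the original post or from the REMNux project; it assumes GNU date (the -d option) and that the reference machine and the REMNux box have the same timezone configured, because date interprets the string in local time.

```sh
#!/bin/sh
# Added example (not from the original post): build, shift and validate the
# MMDDhhmmYYYY.ss string that `date` accepts, before it is handed to `sudo date`.

# Print the string for a given Unix epoch (defaults to now).
# %H is the 24-hour clock hour; %I (12-hour) would produce a wrong afternoon time.
stamp_from_epoch() {
    epoch="${1:-$(date +%s)}"
    date -d "@$epoch" "+%m%d%H%M%Y.%S"
}

# Extract character range $2 (e.g. 5-6) from string $1.
field() { printf '%s' "$1" | cut -c"$2"; }

# Turn a zero-padded two-digit field into a decimal number
# (prefixing "1" avoids the shell parsing "08" or "09" as octal).
num() { echo $(( 1$1 - 100 )); }

# Check shape (12 digits, a dot, 2 digits) and field ranges. Returns 1 on a bad string,
# so a mistyped or truncated paste never reaches `date`.
validate_stamp() {
    s="$1"
    case "$s" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9].[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    mon=$(num "$(field "$s" 1-2)")
    day=$(num "$(field "$s" 3-4)")
    hr=$(num  "$(field "$s" 5-6)")
    min=$(num "$(field "$s" 7-8)")
    sec=$(num "$(field "$s" 14-15)")
    [ "$mon" -ge 1 ] && [ "$mon" -le 12 ] || return 1
    [ "$day" -ge 1 ] && [ "$day" -le 31 ] || return 1
    [ "$hr"  -ge 0 ] && [ "$hr"  -le 23 ] || return 1
    [ "$min" -ge 0 ] && [ "$min" -le 59 ] || return 1
    [ "$sec" -ge 0 ] && [ "$sec" -le 59 ] || return 1
    return 0
}

# Add $2 seconds to a stamp $1, i.e. the "modify it according to the copy/paste
# delay" step, done by arithmetic instead of by hand so day and hour roll over correctly.
shift_stamp() {
    s="$1"; delta="$2"
    validate_stamp "$s" || return 1
    yr=$(field "$s" 9-12); mon=$(field "$s" 1-2); day=$(field "$s" 3-4)
    hr=$(field "$s" 5-6);  min=$(field "$s" 7-8); sec=$(field "$s" 14-15)
    epoch=$(date -d "$yr-$mon-$day $hr:$min:$sec" +%s)
    stamp_from_epoch $(( epoch + delta ))
}

# Final step on the REMNux box itself: refuse bad input, then set the clock (needs root).
set_system_time() {
    validate_stamp "$1" || { echo "refusing bad date string: $1" >&2; return 1; }
    sudo date "$1"
}

# Demo on the reference machine: print the string for right now.
echo "stamp for now: $(stamp_from_epoch)"
```

Usage on the reference machine is `stamp_from_epoch`; on REMNux, `set_system_time "$(shift_stamp 040211422014.48 30)"` sets the clock to the copied value plus the 30 seconds the transfer took, and validate_stamp rejects anything that is not a well-formed string.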

Now, happy reversing!

Reference: Install REMNUX as virtual instance