Timestamps, timestamps, timestamps. You may not realize just HOW MANY different formats these critical pieces of forensic evidence can come in! In my latest video, we explore a few of them, and talk about which one you may want to gravitate toward for your logs and other evidence. https://lnkd.in/eAqpWMsg
DFIR Fundamentals - Timestamp Formats
Provided, of course, keeping up with updates is also taken into consideration; see RFC9557:2024 https://www.rfc-editor.org/rfc/rfc9557
ISO 8601 is pretty complex, with all the various different options. Do you recommend something simpler? Like maybe RFC-3339 (see https://www.rfc-editor.org/rfc/rfc3339)?
Oh man, I realize. 😆 I wrote my thesis on timestamps (within and across various OS) several years ago 😆 🙄
Phil Hagen, your video on timestamps is spot on! In the world of cybersecurity, especially when dealing with security monitoring and regulatory compliance, understanding the nuances of timestamp formats is crucial. Great insights!