Add SYSTEMTIME Support to BinConvert #65
Conversation
|
@reece394 are there any other formats available to add support for that would make sense to put in the effort for? I imagine the data interpreter has all the options available to us? I know we have a good amount of heavy hitters so far but curious if there are any other glaring omissions. |
|
When I had a look through we will probably need DOS FAT Time Date / DOS FAT Time Date and OLE 2.0 Date Time as well at some point. I was going to test these at some point in the future when I had more time. Unfortunately I won’t be able to contribute too much for the next while But yeah honestly it wouldn’t be too much effort to take all the conversions from the data interpreter and add them to there since with the code already written it should be a quick copy paste job with some minor edits |
|
One other thing I've always wanted was lookup tables similar to EvtxECmd. Rather than use comments to resolve values, we could actually interpret and resolve values. |
|
This sounds like a great idea to implement in a future version. Would definitely be more flexible than the current implementation. Might take a bit of effort to integrate that in though |
|
changes pushed to binaries |
Description
I added the ability to convert Registry Key Values to SYSTEMTIME. This is based off the code I borrowed from the Data Interpreter in Registry Explorer with minor edits (I figured if it works why reinvent the wheel). This is needed so I can add LogonStats to DFIRBatch. Below is a preview of it working.
Checklist:
Please replace every instance of
[ ]with[X]OR click on the checkboxes after you submit your PRGUIDfor my Batch file(s).\RECmd\BatchExamplesdirectoryThank you for your submission and for contributing to the DFIR community!