pyevtx-rs

Misunderstanding of 'timestamp' field

Open yarden-nadav opened this issue 1 year ago • 0 comments

As I'm working with PyEvtxParser, I've noticed 2 distinct fields with the purpose of representing time. One of them is 'timestamp' just under root, and the second is 'TimeCreated' under the 'System' key. In Event Viewer the time represented is the time of 'TimeCreated', and in my example 'timestamp' is delayed by approximately 30 seconds. Can you clarify on that obscurity?

yarden-nadav, Dec 04 '23 12:12