How to use the pyhindsight.utils.to_datetime function in pyhindsight

To help you get started, we’ve selected a few pyhindsight examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github obsidianforensics / hindsight / pyhindsight / plugins / time_discrepancy_finder.py View on Github external
if item.url in site or site.keys()[0] == '*':
                        if site[site.keys()[0]]['name'] == item.name:
                            m = re.search(site[site.keys()[0]]['regex'], item.value)
                            if m:
                                server = to_datetime(m.group(1), pytz.utc)
                                local = item.timestamp
                                delta = abs(server - local)
                                item.interpretation = u'Server-side Timestamp: {} | Local Timestamp: {} | ' \
                                                      u'Difference: {} [Time Discrepancy]'.format(server, local, delta)
                                parsedItems += 1

            elif item.row_type == u'url' or item.row_type == u'url (archived)':
                for site in url_set:
                    m = re.search(site, item.url)
                    if m:
                        server = to_datetime(m.group(1), pytz.utc)
                        local = item.timestamp
                        delta = abs(server - local)
                        item.interpretation = u'Server-side Timestamp: {} | Local Timestamp: {} | ' \
                                              u'Difference: {} [Time Discrepancy]'.format(server, local, delta)
                        parsedItems += 1

    # Description of what the plugin did
    return u"{} differences parsed".format(parsedItems)
github obsidianforensics / hindsight / pyhindsight / browsers / brave.py View on Github external
self.display_version = version_dict['version']

                for s, site in enumerate(history_json['sites']):
                    if history_json['sites'][s].get('location'):
                        last_accessed = history_json['sites'][s]['lastAccessedTime'] if history_json['sites'][s].get('lastAccessedTime') else history_json['sites'][s]['lastAccessed']

                        new_row = Brave.URLItem(s, history_json['sites'][s]['location'],
                                                history_json['sites'][s].get('title', ""),
                                                last_accessed, last_accessed,
                                                None, None, None, None, None, None, None, None, None, )

                        # Set the row type as determined earlier
                        new_row.row_type = row_type

                        # Set the row type as determined earlier
                        new_row.timestamp = to_datetime(new_row.last_visit_time, self.timezone)

                        # Add the new row to the results array
                        results.append(new_row)

            self.artifacts_counts[history_file] = len(results)
            log.info(" - Parsed {} items".format(len(results)))
            self.parsed_artifacts.extend(results)

        except:
            log.error(" - Error opening '{}'".format(os.path.join(path, history_file)))
            self.artifacts_counts[history_file] = 'Failed'
            return