How to use the pyhindsight.utils.to_datetime function in pyhindsight
To help you get started, we’ve selected a few pyhindsight examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
obsidianforensics / hindsight / pyhindsight / plugins / time_discrepancy_finder.py View on Github 
if item.url in site or site.keys()[0] == '*':
if site[site.keys()[0]]['name'] == item.name:
m = re.search(site[site.keys()[0]]['regex'], item.value)
if m:
server = to_datetime(m.group(1), pytz.utc)
local = item.timestamp
delta = abs(server - local)
item.interpretation = u'Server-side Timestamp: {} | Local Timestamp: {} | ' \
u'Difference: {} [Time Discrepancy]'.format(server, local, delta)
parsedItems += 1
elif item.row_type == u'url' or item.row_type == u'url (archived)':
for site in url_set:
m = re.search(site, item.url)
if m:
server = to_datetime(m.group(1), pytz.utc)
local = item.timestamp
delta = abs(server - local)
item.interpretation = u'Server-side Timestamp: {} | Local Timestamp: {} | ' \
u'Difference: {} [Time Discrepancy]'.format(server, local, delta)
parsedItems += 1
# Description of what the plugin did
return u"{} differences parsed".format(parsedItems)self.display_version = version_dict['version']
for s, site in enumerate(history_json['sites']):
if history_json['sites'][s].get('location'):
last_accessed = history_json['sites'][s]['lastAccessedTime'] if history_json['sites'][s].get('lastAccessedTime') else history_json['sites'][s]['lastAccessed']
new_row = Brave.URLItem(s, history_json['sites'][s]['location'],
history_json['sites'][s].get('title', ""),
last_accessed, last_accessed,
None, None, None, None, None, None, None, None, None, )
# Set the row type as determined earlier
new_row.row_type = row_type
# Set the row type as determined earlier
new_row.timestamp = to_datetime(new_row.last_visit_time, self.timezone)
# Add the new row to the results array
results.append(new_row)
self.artifacts_counts[history_file] = len(results)
log.info(" - Parsed {} items".format(len(results)))
self.parsed_artifacts.extend(results)
except:
log.error(" - Error opening '{}'".format(os.path.join(path, history_file)))
self.artifacts_counts[history_file] = 'Failed'
returnpyhindsight
Browser forensics for Google Chrome/Chromium
Package Health Score
57 / 100Popular pyhindsight functions
- pyhindsight.__file__
- pyhindsight.__version__
- pyhindsight.analysis.AnalysisSession
- pyhindsight.analysis.HindsightEncoder
- pyhindsight.analysis.HindsightEncoder.base_encoder
- pyhindsight.browsers.brave.Brave
- pyhindsight.browsers.chrome.CacheEntry
- pyhindsight.browsers.chrome.Chrome
- pyhindsight.browsers.chrome.Chrome.__init__
- pyhindsight.browsers.chrome.Chrome.AutofillItem
- pyhindsight.browsers.chrome.Chrome.BookmarkFolderItem
- pyhindsight.browsers.chrome.Chrome.BookmarkItem
- pyhindsight.browsers.webbrowser.WebBrowser
- pyhindsight.plugins.__all__
- pyhindsight.utils.format_meta_output
- pyhindsight.utils.format_plugin_output
- pyhindsight.utils.friendly_date
- pyhindsight.utils.to_datetime