Package: wnpp
Severity: wishlist
Owner: Jan Gru <j4n...@gmail.com>
X-Debbugs-Cc: debian-de...@lists.debian.org, debian-security-to...@lists.debian.org

* Package name    : time-decode
  Version         : 3.1.1
  Upstream Author : Corey Forman
* URL             : https://github.com/digitalsleuth/time_decode
* License         : MIT
  Programming Lang: Python
  Description     : timestamp decoder and converter

time-decode provides the functionality to decode various timestamps and UUIDs to aid digital forensics and incident response processes. The supported formats range from common ones, like Unix epochs, WebKit/Chrome timestamps and Microsoft's FILETIME to more exotic formats like LDAP/Active Directory timestamps and Metasploit payload UUIDs. In addition, even timestamps used by some social media services, like Twitter, are included.

** Relevance of the package

In most DFIR investigations temporal information is particularly important. Analysts often stumble over various timestamps and need to convert and normalize them quickly. While toolkits like plaso can help with the normalization of logfiles in bulk, Debian's package archives lack tooling for the convenient conversion of single timestamps of either known or unknown format. Given this finding and my experience from using it, time-decode seems to be a valuable prospective package to round off Debian's collection of forensic tools.

** Maintenance plan

I suggest maintaining time-decode inside the pkg-security-team's repository on salsa, since most of the packages related to forensics live there. However, I am looking for a sponsor for this package - ideally a member of the pkg-security-team.