Digital Detective

Free Tool - DCode

This utility was designed to decode the various date/time values found embedded within binary and other file types.

	Version	Release Date	Size

MD5 Hash

This release now supports the following date/time formats (Table 1) and will allow you to add a time zone bias.

Date / Time Format	Example	Date/Time Value
- Windows 64 bit (little endian)	FF03D2315FE1C701	Sat, 18 August 2007 06:15:37 UTC
- Windows 64 bit (big endian)	01C7E15F31D202FF	Sat, 18 August 2007 06:15:37 UTC
- Windows Cookie	1713586176, 30212469	Wed, 14 March 2012 00:00:00 UTC
- Windows 64 bit OLE	FBE8DF975D3FE340	Sun, 02 December 2007 22:11:42 UTC
- Hotmail / Email Filetime	CD4E55C3:01C7DD3E	Mon, 13 August 2007 00:13:40 UTC
- Unix 32 bit (little endian)	A2C3B446	Sat, 04 August 2007 18:21:22 UTC
- Unix 32 bit (big endian)	46C3B400	Thu, 16 August 2007 02:18:40 UTC
- Unix numeric	1170245478	Wed, 31 January 2007 12:11:18 UTC
- Unix millisecond	1176469232719	Fri, 13 April 2007 13:00:32.719 UTC
- Apple Mac Absolute	219216022	Thu, 13 December 2007 05:20:22 UTC
- MS-DOS wFatTime, wFatDate	3561A436	Fri, 04 May 2007 12:09:42 Local
- MS-DOS wFatDate, wFatTime	A4363561	Fri, 04 May 2007 12:09:42 Local
- HFS 32 bit (little endian)	CD4E55C3	Mon, 05 November 2007 22:50:53 Local
- HFS 32 bit (big endian)	C3554ECD	Sat, 23 February 2013 11:17:23 Local
- HFS+ (big endian)	CD4E55C3	Mon, 05 November 2007 22:50:53 UTC
- HFS+ (little endian)	C3554ECD	Mon, 05 November 2007 22:50:53 UTC

Table 1

During a forensic examination, you may need to decode a date or verify the date provided to you by forensic software. This is where decode comes in. Decode can take a decimal value or a HEX value and convert it into a date & time in a variety of formats.

DCode is a great tool for date/time validation and dual tool verification.