[sleuthkit-users] FAT filesystem timestamp confusion
From: Angus M. <an...@n-...> - 2003-04-03 21:50:52
Help! I'm confused by the way sleuthkit (with autopsy) is handling timestamps on a FAT32 filesystem. I need to be able to establish an accurate timeline for one particular day and have managed to set things up so that I can get some sort of timeline, but I don't really understand how the timezone setting in Autopsy affects the results. (The skew concept is fine - I need to correct for a hw clock that's 15 minutes fast so I've set it to +900). The situation is this - the day in question falls during GMT time, but we're now into BST. I've set the timezone in autopsy to be GB, but have discovered a conflict in one of the files I'm looking at - it's a log file and the application generating it has stamped the time in the file as an hour later than the last write time on the file itself. For reference, I'm running on RedHat Linux 8.0 with a clock that's firmly in BST at the moment.