UTC/Local Time Display

Sandfly displays Coordinated Universal Time (UTC) by default, because all events reported by Sandfly are in UTC. Click the timezone tag in the clock to switch between local and UTC time.

Sandfly UTC Time

ℹ️

INFO: UTC Time and Sandfly

UTC is used for all timestamps that Sandfly generates during forensic investigations, as well as for any threats detected. Using UTC avoids timezone problems when systems are scattered across various regions.

⚠️

WARNING: Local System Time Used for File, Directory, and Process Timestamps

Note that file, directory, and other timestamps that Sandfly collects from a remote host are in the local timezone of that system, not UTC, unless your systems are all running UTC.

For instance, if Sandfly fingerprints a suspicious file and shows you the results, the file creation, modification, and access times will be in the remote host's timezone and are not corrected to UTC by Sandfly.

The reason for this is to avoid altering what the remote system shows as happening locally when you go to investigate.

By giving you local system time for suspicious files, directories, and processes, Sandfly lets you simply go to the affected host without having to correct for timezones when tracking down suspicious activity on that host.
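When you do need to line up a host-local file timestamp with a UTC event time, the conversion has to account for daylight-saving transitions on the host. The following is an added example, not Sandfly code or output: the timestamp string format, the timezone name, the sample paths, and the function names `local_to_utc` and `files_near_event` are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from zoneinfo import ZoneInfo

def local_to_utc(local_str, tz_name):
    """Return every UTC instant a naive host-local timestamp can refer to.

    Usually one. Two when the wall-clock time repeats as DST ends, none when
    it was skipped as DST starts (such a time never occurred on the host).
    """
    tz = ZoneInfo(tz_name)
    naive = datetime.strptime(local_str, "%Y-%m-%d %H:%M:%S")
    candidates = []
    for fold in (0, 1):  # fold selects the first or second pass of a repeated hour
        utc = naive.replace(tzinfo=tz, fold=fold).astimezone(timezone.utc)
        # A skipped wall-clock time does not survive the round trip.
        round_trip = utc.astimezone(tz).replace(tzinfo=None)
        if round_trip == naive and utc not in candidates:
            candidates.append(utc)
    return candidates

def files_near_event(event_utc, file_times, tz_name, window=timedelta(minutes=10)):
    """List (path, UTC time) for files whose local timestamp may fall within
    `window` of a UTC event time."""
    hits = []
    for path, local_str in file_times:
        for utc in local_to_utc(local_str, tz_name):
            if abs(utc - event_utc) <= window:
                hits.append((path, utc.isoformat()))
    return hits

# Constructed sample data: a UTC event time and host-local file times.
EVENT_UTC = datetime(2024, 11, 3, 6, 32, tzinfo=timezone.utc)
HOST_TZ = "America/New_York"  # assumed; read the real value on the host
FILE_TIMES = [
    ("/tmp/.x", "2024-11-03 01:30:00"),          # repeated hour: 05:30Z or 06:30Z
    ("/etc/cron.d/job", "2024-11-02 21:00:00"),  # 01:00Z, outside the window
]

if __name__ == "__main__":
    for path, utc in files_near_event(EVENT_UTC, FILE_TIMES, HOST_TZ):
        print(path, utc)
```

A local timestamp that falls in the repeated hour yields two UTC candidates, so both are checked against the event window rather than silently picking one.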