Hardware Clock Time
Overview
Evidence: Hardware Clock Time Description: Display the current hardware clock time Category: System Platform: esxi Short Name: hwclk Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No
Background
Hardware clock (RTC) maintains system time independently of the operating system. Time accuracy is critical for forensic timeline analysis, log correlation, and detecting time-based anti-forensics techniques like timestomping or clock manipulation to hide malicious activities.
Data Collected
This collector gathers structured data about hardware clock time.
Hardware Clock Time Data
AccessTime
Access Time
2023-10-15 14:30:25+03:00
AccessCount
Access Count
123
URL
URL
Example value
Browser
Browser
Example value
Title
Title
Example value
VisitDuration
Visit Duration
Example value
Referrer
Referrer
Example value
TypedCount
Typed Count
123
IsHidden
Is Hidden
true
TransitionType
Transition Type
Example value
VisitID
Visit ID
123
TransitionQualifiers
Transition Qualifiers
Example value
User
User
Example value
Profile
Profile
Example value
HistoryFilePath
History File Path
Example value
Collection Method
This collector captures the current hardware clock time from the system's Real-Time Clock (RTC), recording the timestamp at collection to establish a time reference point for the investigation.
Forensic Value
Hardware clock comparison with system time reveals time synchronization issues, detects deliberate clock manipulation used to evade detection or hide activity timing, and provides an independent time source for validating event timelines when system time may have been tampered with.
Last updated
Was this helpful?