It looks to me like your timestamp doesn't go by the standards... Cut from the "Standard ECMA-167": "Type and Time Zone (RBP 0) The most significant 4 bits of this field, interpreted as a 4-bit number, shall specify the interpretation of the timestamp as shown in figure 1/8. The least significant 12 bits, interpreted as a signed 12-bit number in two' s complement form, shall be interpreted as follows: - If the value is in the range -1 440 to 1 440 inclusive, then the value specifies the offset, in minutes, of the date and time of the day from Coordinated Universal Time. - If the value is -2 047, then no such value is specified. Type Interpretation 0 The timestamp specifies Coordinated Universal Time. 1 The timestamp specifies local time. 2 The interpretation of the timestamp is subject to agreement between the originator and recipient of the medium. 3-15 Reserved for future standardisation. " It looks like your 'Type' falls in the yet-to-be-determined category... Maybe the following documents will be able to help your friend: Standard ECMA-167 - http://www.ecma.ch/ecma1/STAND/ECMA-167.HTM UDF specs - http://www.osta.org/specs/index.htm -Claus ----- Original Message ----- From: "Mark G. Spencer" <dreadnoughtat_private> To: <forensicsat_private> Sent: Tuesday, December 10, 2002 9:37 AM Subject: Ascertaining UDF and ISO CD time zone? > My coworker who is putting together the tutorial on UDF and ISO CD-ROM > dating has run into a couple more problems and I was hoping those on the > list more familiar with these specifications could assist him. > > Regarding UDF, he's working with the date and time stamp C4 0F D2 07 0A > 01 0A 2E 0C. He's been able to compute and test all values against test > burns except the 16-bit time zone and type value of 0xC4 0x0F. How does > this translate into time zone and type? > > Regarding ISO, he has found an inconsistency computing the time zone > (calculated using the offset from GMT in the number of 15 minute > intervals from -48 to +52) of hex 0xE4. His logic at this point: > > -0xE4 = -228 > Dropped hundredths, resulting in -28 15 minute intervals, 4 > intervals/hr. -28 / 4 = -7 > > But according to the Windows date and time properties on the test > system, the time zone value should be -8! > > Thanks again for the excellent advice, > > Mark > > --------------------------------------------- > Introducing NetZero Long Distance > 1st month Free! > Sign up today at: www.netzerolongdistance.com > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Dec 12 2002 - 10:02:43 PST