Digital Forensic Data Recovery & Analysis

NetAnalysis Date and Time Fields


Some of you will have noticed that since NetAnalysis v1.50 numerous new date and time columns have been added.  These new timestamps were identified during months of research and development and are now included with the latest release.  Figure 1 shows some of the new fields from Internet Explorer.  This article looks at each of the new columns and explains what they mean.


[Image: NetAnalysis new timestamp fields]

Figure 1


Last Visited [UTC]

This column should be self-explanatory.  It is the timestamp which reflects the last known recorded visit to a webpage (or object) in Coordinated Universal Time (UTC).  Normally, this timestamp is extracted directly from the source record and is not changed in any way by the time zone information set in NetAnalysis.  With the exception of Internet Explorer Weekly INDEX.DAT records, all other records have their timestamps saved as UTC values.  Weekly records are stored as local times and therefore have to be converted to UTC to fill this column.


Last Visited [Local]

This column contains the timestamp which reflects the last known recorded visit to a webpage (or object) in Local time.  This timestamp is calculated by taking the value from the Last Visited [UTC] column and converting it to Local time using the time zone information set in NetAnalysis prior to extraction (with the exception of Daily INDEX.DAT records, which are already stored in Local time).
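As an added example (not part of the original article and not NetAnalysis code), the following Python shows how the two Last Visited columns are derived from a raw FILETIME value, the 64-bit timestamp format used by INTERNET_CACHE_ENTRY_INFO and the INDEX.DAT records: the usual case, where the stored value is UTC and is converted to local time, and the Weekly INDEX.DAT case, where the stored value is local time and must first be converted to UTC.  The tick value is constructed, and the suspect time zone is assumed to be a fixed UTC-5 offset so the sample is deterministic; a real zone such as zoneinfo.ZoneInfo("America/New_York") can be passed instead.

```python
from datetime import datetime, timedelta, timezone

# Windows FILETIME: 64-bit count of 100-nanosecond ticks since 1601-01-01 00:00 UTC.
# INTERNET_CACHE_ENTRY_INFO timestamps and INDEX.DAT records use this format.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample: a tick value that decodes to 2010-06-15 14:30:00.
SAMPLE_TICKS = 129210858000000000
# Assumed suspect time zone (see KB80004): a fixed UTC-5 offset keeps the sample
# deterministic; for a real case pass e.g. zoneinfo.ZoneInfo("America/New_York").
SUSPECT_TZ = timezone(timedelta(hours=-5), "UTC-5")


def filetime_to_datetime(ticks: int) -> datetime:
    """Decode a raw FILETIME into a naive datetime; whether that wall-clock value
    means UTC or local time depends on the record type, so no zone is attached yet."""
    return (FILETIME_EPOCH + timedelta(microseconds=ticks // 10)).replace(tzinfo=None)


def datetime_to_filetime(naive: datetime) -> int:
    """Inverse of filetime_to_datetime (used here to build and check samples)."""
    delta = naive.replace(tzinfo=timezone.utc) - FILETIME_EPOCH
    return (delta // timedelta(microseconds=1)) * 10


def resolve_last_visited(ticks: int, stored_as_local: bool, suspect_tz):
    """Return (Last Visited [UTC], Last Visited [Local], note) for one record.

    stored_as_local=False: the usual case, raw value is UTC, converted to local.
    stored_as_local=True:  the Weekly INDEX.DAT case, raw value is local time and
    must be converted to UTC first, which is not always unique around a DST change."""
    naive = filetime_to_datetime(ticks)
    if not stored_as_local:
        utc_dt = naive.replace(tzinfo=timezone.utc)
        return utc_dt, utc_dt.astimezone(suspect_tz), "stored as UTC"
    # PEP 495 'fold' selects the offset before (fold=0) or after (fold=1) a transition,
    # so comparing both candidates exposes a repeated or skipped local hour.
    first = naive.replace(tzinfo=suspect_tz, fold=0).astimezone(timezone.utc)
    second = naive.replace(tzinfo=suspect_tz, fold=1).astimezone(timezone.utc)
    if first == second:
        note = "stored as local, unambiguous"
    elif first < second:
        note = "ambiguous local time (DST overlap); first occurrence assumed"
    else:
        note = "non-existent local time (DST gap); pre-transition offset assumed"
    return first, first.astimezone(suspect_tz), note


if __name__ == "__main__":
    for weekly in (False, True):
        print(weekly, *resolve_last_visited(SAMPLE_TICKS, weekly, SUSPECT_TZ))
```

The note returned alongside the two timestamps is the kind of flag an examiner wants when a Weekly record falls inside a DST overlap or gap, since the stored local time alone cannot settle which UTC instant it represents.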


Date Expiration [UTC]

This column contains a timestamp (in UTC) which reflects the date and time when the object or record is no longer regarded as valid by the browser.  For example, in History records you will see that the expiration time is set according to the number of days the browser is configured to keep history records, whilst the cache expiration time can be set by the web developer and is delivered to the browser in the HTTP response.  This column reflects the ExpireTime field in the INTERNET_CACHE_ENTRY_INFO Structure.


Date Last Modified [UTC]

This column contains a timestamp (in UTC) which reflects the date and time the webpage (or object) was last modified (last written).  This information is passed back to the browser as part of the HTTP response.  Since origin servers do not always provide explicit expiration times, HTTP caches typically assign heuristic expiration times, employing algorithms that use other header values (such as the Last-Modified time) to estimate a plausible expiration time.
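As an added example (not part of the original article and not NetAnalysis or Internet Explorer code), the following Python shows how an HTTP cache derives an expiration time from the response headers, in the precedence RFC 2616 section 13.2 describes: an explicit max-age, then an Expires header, then the heuristic of taking a fraction (typically 10%) of the time since Last-Modified.  The header dicts are constructed samples; a browser's own heuristic may use a different fraction or a cap.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# RFC 2616 13.2.4 / RFC 7234 4.2.2: with no explicit lifetime, a cache may use a
# heuristic, typically 10% of the interval since Last-Modified.
HEURISTIC_FRACTION = 0.1

# Constructed sample responses (header dicts, not captured from a real server).
SAMPLE_HEURISTIC = {
    "Date": "Tue, 15 Jun 2010 14:30:00 GMT",
    "Last-Modified": "Sat, 05 Jun 2010 14:30:00 GMT",
}
SAMPLE_EXPLICIT = {
    "Date": "Tue, 15 Jun 2010 14:30:00 GMT",
    "Cache-Control": "public, max-age=3600",
    "Last-Modified": "Sat, 05 Jun 2010 14:30:00 GMT",
}


def parse_http_date(value: str) -> datetime:
    """Parse an RFC 1123 date; treat a zone-less value as UTC, as HTTP requires."""
    dt = parsedate_to_datetime(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def expected_expiration(headers: dict):
    """Return (expiry in UTC, how it was derived) for one response's headers,
    in the precedence a cache applies: max-age, then Expires, then heuristic."""
    date = parse_http_date(headers["Date"])
    for directive in headers.get("Cache-Control", "").split(","):
        name, _, value = directive.strip().partition("=")
        if name.lower() == "max-age" and value.isdigit():
            return date + timedelta(seconds=int(value)), "Cache-Control max-age"
    if "Expires" in headers:
        return parse_http_date(headers["Expires"]), "Expires header"
    if "Last-Modified" in headers:
        age = date - parse_http_date(headers["Last-Modified"])
        lifetime = timedelta(seconds=age.total_seconds() * HEURISTIC_FRACTION)
        return date + lifetime, "heuristic: 10% of time since Last-Modified"
    return date, "no freshness information: stale on arrival"


if __name__ == "__main__":
    for sample in (SAMPLE_HEURISTIC, SAMPLE_EXPLICIT):
        print(*expected_expiration(sample))
```

Comparing a computed value like this against the ExpireTime recorded in a cache entry helps an examiner tell an expiry the server dictated from one the browser estimated.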


Date Index Created [UTC]

This column contains a timestamp (in UTC) which reflects the date and time the Weekly INDEX.DAT file from Internet Explorer was created.


Date Last Synch [UTC]

This column contains a timestamp (in UTC) which reflects the last date and time at which an object was checked for freshness with the origin server.  LastSyncTime is initially set as the time at which an object is added to the cache, and is updated every time the browser verifies freshness of the object with the server.


Date First Visited [UTC]

This column contains a timestamp (in UTC) which is available when extracting Netscape and Firefox v1-2 History.  It reflects the first date and time at which a web page (or object) was visited.


Date Added [UTC]

This column contains a timestamp (in UTC) which is available when extracting Netscape, Firefox and Mozilla bookmark files.  It reflects the date and time at which an entry was added to the bookmark file.


References

· KB80013 Internet Explorer INTERNET_CACHE_ENTRY_INFO Structure

· KB80072 Microsoft Internet Explorer Daily INDEX.DAT Entries

· KB80073 Microsoft Internet Explorer Weekly INDEX.DAT Entries

· KB80004 Identification of Suspect Computer Time Zone

· Caching in HTTP

10% Discount for SANS European Digital Forensics & Incident Response Summit


SANS 2010 European Digital Forensics & Incident Response Summit

Join your peers in London, September 8 – 9, 2010 for the first SANS European Digital Forensics and Incident Response Summit, and hear forensics experts help you get the most out of your Forensics and Incident Response strategies and operations.

In the commercial sector, TJ Maxx, Hannaford, and TD Ameritrade are victims of large-scale data breaches and intrusions.  From these attacks, personal or account information of more than 100 million individuals has been compromised.

In the government sector, cyber attacks on government agencies and contractors, originating from China, have proved difficult to suppress.  In both situations, incident response and mitigation, class action lawsuits, and fines place remediation costs in the billions of dollars.

Why is this event special?

The speakers.  There is a lot of talent in the EU that is often not sufficiently exposed because those experts don’t have the chance to travel all the way to the US.  Similarly, the vast majority of the Forensics Community cannot afford to travel there.  With this Summit we want to create an opportunity for the EU forensic community to meet the local experts and learn from their invaluable knowledge and experience.

You, the Community.  We want to create an opportunity to share experiences with your colleagues and with others from Law Enforcement, Military Agencies, Corporations, Financial Companies, Telecommunication Companies, etc.  You can exchange ideas on how to approach and solve some of the most excruciating problems today: short budgets, transnational investigations, legislation, malware, fraud, etc.

Localisation.  Even though similar problems, solutions, tools and techniques are found all around the world, at the SANS European Incident Response and Forensics Summit we want to define EU-specific problems and find solutions to them together.

We don’t want to forget that the EU receives multiple visitors from all over Africa, Middle East and Asia.  We also want to welcome them to this Summit, as they all have similar problems to the ones we have.

We want the SANS Forensics Summit to be your favourite event of the year, the forum in which the top experts in the EU and nearby regions, the Vendors and the Community will have the chance to meet and share knowledge, experience and solutions, and we will work hard to make that happen.

We’ve teamed up with SANS to bring Digital Detective Customers and Forum Members the chance to attend these events and receive a 10% Discount.

Register Here for a 10% Discount

Use the Digital Detective discount code: DFIRSTNDD10

Please join us for this innovative meeting on Forensics & Incident Response.  There is simply no other place where you can learn – from those who have done it – what works to protect your organisation’s crown jewels – its data.
