< Back
Get-ForensicTimezone
Post
NAME Get-ForensicTimezone
SYNOPSIS
Gets the system's timezone.
SYNTAX
Get-ForensicTimezone [[-HivePath] <String>] [<CommonParameters>]
DESCRIPTION
The Get-ForensicTimezone cmdlet parses the SYSTEM hive or a hive that you specify to derive the system's current
timezone.
Except as noted, the cmdlets in the PowerForensics module require the permissions of a member of the
Administrators group on the computer. To run them, start Windows PowerShell with the 'Run as administrator' option.
PARAMETERS
-HivePath [<String>]
Registry hive to parse.
Required? false
Position? 0
Default value C:\\Windows\\system32\\config\\SYSTEM
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
PowerForensics.Artifacts.Timezone
-------------------------- EXAMPLE 1 --------------------------
[ADMIN]: PS C:\\>Get-ForensicTimezone
RegistryTimezone dotNetStandardTimezone dotNetDaylightTimezone
IsDaylightSavingTime
---------------- ---------------------- ----------------------
--------------------
Eastern Standard Time Eastern Standard Time Eastern Daylight Time
False
This command gets the time zones from the system hive.
-------------------------- EXAMPLE 2 --------------------------
[ADMIN]: PS C:\\>Get-Timezone -HivePath C:\\evidence\\SYSTEM
RegistryTimezone dotNetStandardTimezone dotNetDaylightTimezone
IsDaylightSavingTime
---------------- ---------------------- ----------------------
--------------------
Eastern Standard Time Eastern Standard Time Eastern Daylight Time
False
This command gets the time zones from an exported SYSTEM hive.
RELATED LINKS
SYNOPSIS
Gets the system's timezone.
SYNTAX
Get-ForensicTimezone [[-HivePath] <String>] [<CommonParameters>]
DESCRIPTION
The Get-ForensicTimezone cmdlet parses the SYSTEM hive or a hive that you specify to derive the system's current
timezone.
Except as noted, the cmdlets in the PowerForensics module require the permissions of a member of the
Administrators group on the computer. To run them, start Windows PowerShell with the 'Run as administrator' option.
PARAMETERS
-HivePath [<String>]
Registry hive to parse.
Required? false
Position? 0
Default value C:\\Windows\\system32\\config\\SYSTEM
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
PowerForensics.Artifacts.Timezone
-------------------------- EXAMPLE 1 --------------------------
[ADMIN]: PS C:\\>Get-ForensicTimezone
RegistryTimezone dotNetStandardTimezone dotNetDaylightTimezone
IsDaylightSavingTime
---------------- ---------------------- ----------------------
--------------------
Eastern Standard Time Eastern Standard Time Eastern Daylight Time
False
This command gets the time zones from the system hive.
-------------------------- EXAMPLE 2 --------------------------
[ADMIN]: PS C:\\>Get-Timezone -HivePath C:\\evidence\\SYSTEM
RegistryTimezone dotNetStandardTimezone dotNetDaylightTimezone
IsDaylightSavingTime
---------------- ---------------------- ----------------------
--------------------
Eastern Standard Time Eastern Standard Time Eastern Daylight Time
False
This command gets the time zones from an exported SYSTEM hive.
RELATED LINKS