Timezone

Description: Identifies the current system time zone.

Location:

  • C:\Windows\System32\Config\SYSTEM
    • SYSTEM\CurrentControlSet\Control\TimeZoneInformation

Notes:

  • Time information is incredibly useful for correlating activity.
  • Internal log files and date/timestamps will be based on the system time zone information.
  • Information from other network devices may need to be correlated against the time zone information collected here.

Analysis: Using Registry Explorer by Eric Zimmerman, we can load the SYSTEM registry hive and analyze the SYSTEM\CurrentControlSet\Control\TimeZoneInformation registry key. In an offline hive the control sets are stored as ControlSet001, ControlSet002, and so on, so we first identify which one is the CurrentControlSet by navigating to SYSTEM\Select and noting the value of the Current data-point.



The TimeZoneKeyName value displays the active time zone of the system.
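
The sketch below is an added example, not part of the original write-up: it resolves the control set from Select\Current and uses the key's bias to normalise local-time log lines to UTC for correlation. It assumes the Bias and ActiveTimeBias values of the same key (not mentioned above) have already been exported from the hive; all sample values and log lines are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample values, as they would be read from an offline SYSTEM hive.
SAMPLE = {
    "Select\\Current": 1,
    "TimeZoneKeyName": "W. Europe Standard Time",
    "Bias": 0xFFFFFFC4,            # REG_DWORD, -60 minutes
    "ActiveTimeBias": 0xFFFFFF88,  # REG_DWORD, -120 minutes (daylight time in effect)
}
# Constructed local-time log lines from the same host.
LOG_LINES = [
    "2023-07-14 09:30:00 service started",
    "2023-07-14 23:45:10 user logon",
]

def control_set_path(select_current):
    """Resolve CurrentControlSet to the ControlSet00N key stored in the hive."""
    if not 1 <= select_current <= 999:
        raise ValueError("unexpected Select\\Current value")
    return "ControlSet%03d\\Control\\TimeZoneInformation" % select_current

def signed_bias(dword):
    """Reinterpret an unsigned REG_DWORD bias as signed minutes.
    Zones east of UTC have a negative bias stored in two's complement."""
    if not 0 <= dword <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit value")
    return dword - 0x100000000 if dword & 0x80000000 else dword

def local_to_utc(local_text, bias_dword):
    """Windows defines the bias so that UTC = local time + bias."""
    local = datetime.strptime(local_text, "%Y-%m-%d %H:%M:%S")
    utc = local + timedelta(minutes=signed_bias(bias_dword))
    return utc.replace(tzinfo=timezone.utc)

def normalise(lines, bias_dword):
    """Rewrite the leading local timestamp of each log line as UTC."""
    out = []
    for line in lines:
        stamp, message = line[:19], line[20:]
        out.append("%s %s" % (local_to_utc(stamp, bias_dword).isoformat(), message))
    return out

if __name__ == "__main__":
    print(control_set_path(SAMPLE["Select\\Current"]), SAMPLE["TimeZoneKeyName"])
    for row in normalise(LOG_LINES, SAMPLE["ActiveTimeBias"]):
        print(row)
```

ActiveTimeBias reflects the offset in effect when the hive was last updated, so timestamps from the other side of a daylight-saving change need the Bias value adjusted for that period instead.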