Skip to content
Log in

Unix epoch timestamp

Definition

An integer representing the number of seconds (or, in some databases, milliseconds or nanoseconds) since 00:00:00 UTC on 1 January 1970. Mobile communication databases store all timestamps in this format. Correct timezone conversion is critical for accurate timeline reconstruction.

Related terms

Content provider (Android)
An Android system component that mediates access to shared data such as call logs and SMS. Forensic logical extractions query content providers...
Free page (SQLite)
A SQLite database page that has been deallocated after a delete operation but not yet reused. Residual message data in free pages...
Message status flag
An integer column in a messaging database that encodes the state of a message: sent, delivered, read, failed, or draft. The exact...
SQLCipher
An open-source SQLite extension that encrypts the entire database file using AES-256. Used by Signal and some other security-focused messaging apps. Without...
SQLite
A lightweight, serverless relational database engine used pervasively on both iOS and Android to store structured app data including messages, call logs,...

Explained in

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account