Forensic Timestamp Converter

Paste a raw timestamp from an artifact and see every plausible decoding side by side. It auto detects the likely format from the magnitude of the value, so you can tell a Windows FILETIME from a Chrome time from a plain Unix epoch and read the date each one really means.

Conversion is pure math in your browser. Nothing is sent to any server.

Why one number has many meanings

In disk and memory forensics a timestamp is rarely labelled. You pull a 64 bit integer out of a registry hive, a SQLite cell, a plist, or a raw struct, and the same digits could be a Windows FILETIME, a Chrome history time, an Apple absolute time, or a Unix epoch in one of four resolutions. Reading it under the wrong epoch can move an event by decades. This tool decodes the value under every format that could plausibly produce a number that size, shows each result, and highlights the most likely reading so you can confirm it against the artifact it came from.

Windows FILETIME, Active Directory, and LDAP

A FILETIME is a 64 bit count of 100 nanosecond intervals since the first of January 1601 in UTC. The same epoch backs Active Directory and LDAP attributes such as lastLogonTimestamp and pwdLastSet. Modern values are 18 digits long and are often seen in hex inside a memory image, so the tool accepts a 0x prefixed hex value as well as decimal. The arithmetic uses BigInt, because a raw FILETIME is larger than a JavaScript number can represent exactly, and an off by one in the low digits is still a real time difference.

Chrome and WebKit time

Chromium based browsers store history, cookie, and cache timestamps as microseconds since the same 1601 epoch as FILETIME. WebKit on Apple platforms uses the same base for some artifacts. Because the unit is microseconds rather than 100 nanosecond ticks, a Chrome value is a thousand times smaller than the FILETIME for the same instant, which is exactly the kind of factor that makes a naive epoch converter silently wrong.

Apple Cocoa and HFS plus

Apple Cocoa Core Data absolute time counts seconds since the first of January 2001 in UTC, so a recent value is a smallish number and a value before that date is negative. Classic Mac HFS plus timestamps count seconds since the first of January 1904 and were historically written in the local time of the machine, so the tool decodes the raw value against the documented epoch and reminds you to reason about the original time zone yourself.

OLE date, DOS date and time, and Unix epoch

An OLE Automation date is a floating point count of days since the thirtieth of December 1899, common in older Office and Windows artifacts. A packed DOS date and time squeezes the date into the high 16 bits and the time into the low 16 bits of a 32 bit value, with two second resolution, and the tool unpacks it when the value is in that range. Finally a plain Unix epoch can arrive in seconds, milliseconds, microseconds, or nanoseconds, and the magnitude usually tells you which, which is why all four are shown together.

How to read the table

Each row is one way to decode the number you pasted. The most plausible interpretation, judged from the magnitude and whether it lands on a sane date, is highlighted and tagged. Treat that as a strong hint, not a verdict: the surrounding artifact, the field name, and the tool that wrote it are what settle which epoch is correct. This converter runs entirely client side, so you can safely decode a value from a sealed image or a live investigation without the input leaving your machine, the same care that the wider AI security testing work is built around. For more terms you meet in this kind of analysis, the web security glossary is a useful companion.
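The side by side decoding described above can be sketched in a few lines of BigInt arithmetic. This is an added example, not the tool's own source: the function names, the short format labels, and the 1990 to 2040 window used to judge a "sane date" are assumptions, and OLE and DOS decoding are left out to keep it short.

```javascript
// Added example: names and the 1990-2040 "sane date" window are assumptions.
const MS_1601_TO_1970 = 11644473600000n; // ms from 1601-01-01 to 1970-01-01
const MS_1904_TO_1970 = 2082844800000n;  // ms from 1904-01-01 to 1970-01-01
const MS_1970_TO_2001 = 978307200000n;   // ms from 1970-01-01 to 2001-01-01
const DATE_LIMIT_MS = 8640000000000000n; // largest magnitude a JS Date can hold

// Each decoder turns the raw integer into milliseconds since the Unix epoch.
// BigInt division truncates, which is fine at millisecond display resolution.
const DECODERS = {
  "Windows FILETIME": (v) => v / 10000n - MS_1601_TO_1970, // 100 ns ticks
  "Chrome/WebKit": (v) => v / 1000n - MS_1601_TO_1970,     // microseconds
  "Apple Cocoa": (v) => v * 1000n + MS_1970_TO_2001,       // seconds
  "HFS+": (v) => v * 1000n - MS_1904_TO_1970,              // seconds, raw epoch
  "Unix seconds": (v) => v * 1000n,
  "Unix milliseconds": (v) => v,
  "Unix microseconds": (v) => v / 1000n,
  "Unix nanoseconds": (v) => v / 1000000n,
};

// Decode a decimal or 0x-prefixed hex string under every format above.
function decodeAll(text, minYear = 1990, maxYear = 2040) {
  const raw = BigInt(text.trim());
  return Object.entries(DECODERS).map(([format, toMs]) => {
    const ms = toMs(raw);
    if (ms > DATE_LIMIT_MS || ms < -DATE_LIMIT_MS) {
      return { format, iso: null, plausible: false }; // not a representable date
    }
    const date = new Date(Number(ms));
    const year = date.getUTCFullYear();
    return { format, iso: date.toISOString(), plausible: year >= minYear && year <= maxYear };
  });
}

// Names of the readings that land inside the sane-date window.
function plausibleFormats(text) {
  return decodeAll(text).filter((r) => r.plausible).map((r) => r.format);
}

// Constructed sample values, all encoding 2024-01-01T00:00:00Z.
for (const sample of ["133485408000000000", "13348540800000000", "725760000"]) {
  console.log(sample, "->", plausibleFormats(sample).join(", "));
}
```

The third sample comes back with two plausible readings, Apple Cocoa and Unix seconds, which is the case where the field name and the writing application have to settle the epoch.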
