Filtering by date and time

The Date and time filter allows you to specify the range of dates and times that you want to show artifact results for. You can filter by absolute date/time (a specific range of dates or times) or by relative date/time (evidence around a date or time). Any dates and times inside the specified range are displayed.

Note: The date and time filter only works for evidence that contains a UTC time stamp, rather than a local time stamp. Because local time behaves like a string rather than a time stamp, artifacts with local times will not appear in the results even if their time stamp matches the selected time period. To learn more about the behavior of local and UTC time stamps, see Understanding sorting and filtering for artifacts with local time stamps.

Filter evidence by a specific date or time

You can view evidence within a specific range of dates and times such as before a date, on a specific day of the week, in a custom time range, and more.

The Date and time filter is available in the Artifacts explorer and the File system explorer.

  1. In AXIOM Examine, on the Filters bar, click Date and time.
  2. Click Absolute date/time.
  3. Set the date range and/or time range you want to filter by.
  4. Click Okay.

Filter by relative date or time

When you've found evidence relevant to your investigation, you might want to know what else occurred around the same time. You can use the Relative date/time filter to view evidence around the time of a specific date.

The Date and time filter is available in the Artifacts explorer and the File system explorer.

  1. In AXIOM Examine, on the Filters bar, click Date and time.
  2. Click Absolute date/time.
  3. In the Anchor relative to section, select the date and time you want to use as the anchor.
  4. In the Set range section, select the range of time you want to filter by.
  5. Click Okay.