Group Purchasing
Group Purchasing

Timestamp Audit Checklist

Timestamp Audit Checklist (PDF, 0.16MB)Published: 06 Jul, 2026
Created by:
SANS Institute
SANS Institute for SEC401: Security Essentials

The Timestamp Audit Checklist is a practical log analysis tool for security practitioners who need to verify their environment's time infrastructure is accurate, consistent, and defensible. Missing UTC offsets, outdated DST rulesets, undocumented SIEM normalization, and unmonitored NTP drift are among the most common silent failures in incident response and digital forensics investigations. This checklist walks practitioners through a four-part audit covering per-log-source inventory, ingestion pipeline health, NTP configuration, and time zone change readiness, so teams can identify and fix timestamp gaps before they corrupt a timeline or hide attacker activity.

This content supports SEC401: Security Essentials.

Meet Your Author

SANS Institute
SANS Institute

SANS Institute

Launched in 1989 as a cooperative for information security thought leadership, it is SANS’ ongoing mission to empower cybersecurity professionals with the practical skills and knowledge they need to make our world a safer place.

Read more about SANS Institute