Windows FILETIME

Windows FILETIME is a timestamp format associated with Microsoft Windows, and with NTFS. It appears in some file formats, for example Microsoft Compound File.

It is a 64-bit integer representing the number of 100-nanosecond intervals since the beginning of the year 1601, UTC (ignoring leap seconds).

Because the traditional Windows API did not use 64-bit integers, it is often represented as a structure (named "FILETIME", of course) containing two 32-bit integers.

Despite its name, it is often used for things other than timestamps of files.
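A decoder for the layout described above, as an added example that is not part of the original page. The function names are hypothetical. It assumes the 8 bytes are stored low half first (little-endian), and it treats an all-zero value as "not set"; both are assumptions of this example, not statements from the page.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_from_parts(low, high):
    """Combine the two 32-bit halves of the structure into one 64-bit tick count."""
    if not (0 <= low <= 0xFFFFFFFF and 0 <= high <= 0xFFFFFFFF):
        raise ValueError("each half must be an unsigned 32-bit value")
    return (high << 32) | low


def parse_filetime(raw):
    """Decode 8 bytes into (ticks, utc_datetime_or_None, leftover_ns).

    Assumption: low half first, little-endian. The datetime is None when the
    value is zero (treated here as unset) or lies beyond year 9999.
    """
    if len(raw) != 8:
        raise ValueError("FILETIME is exactly 8 bytes")
    low, high = struct.unpack("<II", raw)
    ticks = filetime_from_parts(low, high)
    if ticks == 0:
        return ticks, None, 0
    # One tick is 100 ns, datetime only holds microseconds: keep the last
    # decimal digit of the tick count separately so no precision is lost.
    micros, rem = divmod(ticks, 10)
    try:
        dt = FILETIME_EPOCH + timedelta(microseconds=micros)
    except OverflowError:
        return ticks, None, 0
    return ticks, dt, rem * 100


if __name__ == "__main__":
    # Constructed sample values, not taken from any real file.
    samples = [
        bytes.fromhex("00803ed5deb19d01"),  # halves 0xD53E8000 / 0x019DB1DE
        bytes(8),                           # all zero
        b"\xff" * 8,                        # largest possible value
    ]
    for raw in samples:
        ticks, dt, ns = parse_filetime(raw)
        print(raw.hex(), ticks, dt.isoformat() if dt else "n/a", f"+{ns} ns")
```

Keeping the raw tick count alongside the converted datetime lets an analyst compare timestamps at full 100 ns resolution even though the datetime value is rounded down to microseconds.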

Links

 * Windows Dev Center: File Times
 * Windows Dev Center: FILETIME structure
 * Forensic Focus: Interpretation of NTFS Timestamps