Netmon forensic tools and tips

WinOra

This tool converts the installation date found in the Windows registry into human-readable form. Win9x-style (Windows 95/98/ME) and WinNT-style (Windows NT/2000/XP) values are supported.

My motivation to write this tool was making my first Java application and having a handy tool to convert the installation date during forensic investigations of hard drives using Linux.

To get the Win9x install date, look at the registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\FirstInstallDateTime" (stored in the file system.dat). The value is shown as comma-separated hex bytes; remove the commas and convert it. Documentation on how to calculate the date from the hex value is available on forensicexams.org. WinOra uses the same technique.

To get the WinNT-style (NT, 2k, XP) install date, look at the registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate". WinNT uses a simpler encoding: the value is the number of seconds since 1:00 on 1.1.1970 (that is, 00:00 UTC; the so-called "epoch" or "Unix time").

Limitations: the tool crashes when the keys are entered in the wrong format!
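The two conversions described above, with the input validation the Limitations note says WinOra lacks, as an added Python example (not WinOra's own code). The page defers the Win9x decoding to forensicexams.org; this example assumes the four bytes are a little-endian 32-bit MS-DOS packed date/time, and the sample values are constructed, not taken from a real system.

```python
import re
from datetime import datetime, timezone

# Four comma-separated hex bytes, as a registry viewer shows a binary value,
# e.g. "ca,73,9b,34" or "0xCA,0x73,0x9B,0x34".
WIN9X_RE = re.compile(r"(?:0x)?[0-9a-fA-F]{2}(?:\s*,\s*(?:0x)?[0-9a-fA-F]{2}){3}")

def win9x_install_date(hex_bytes: str) -> datetime:
    """Decode a Win9x FirstInstallDateTime value (HKLM\\Software\\Microsoft\\Windows\\CurrentVersion).

    Assumption, not stated on the page: the four bytes are a little-endian
    32-bit MS-DOS packed date/time (high word = date, low word = time).
    DOS timestamps carry no time zone, so a naive local datetime is returned.
    """
    if not WIN9X_RE.fullmatch(hex_bytes.strip()):
        raise ValueError(f"expected four comma-separated hex bytes, got {hex_bytes!r}")
    raw = bytes(int(b.strip(), 16) for b in hex_bytes.split(","))
    value = int.from_bytes(raw, "little")
    date_word, time_word = value >> 16, value & 0xFFFF
    return datetime(
        1980 + (date_word >> 9),        # bits 15-9: years since 1980
        (date_word >> 5) & 0x0F,        # bits 8-5: month
        date_word & 0x1F,               # bits 4-0: day
        time_word >> 11,                # bits 15-11: hour
        (time_word >> 5) & 0x3F,        # bits 10-5: minute
        (time_word & 0x1F) * 2,         # bits 4-0: seconds / 2
    )

def winnt_install_date(install_date: str) -> datetime:
    """Decode a WinNT-style InstallDate (REG_DWORD): seconds since the Unix epoch.

    Accepts the decimal or hex ("0x...") rendering shown by registry editors.
    Returned as an aware UTC datetime; convert to the suspect's zone separately.
    """
    s = install_date.strip()
    if re.fullmatch(r"0[xX][0-9a-fA-F]{1,8}", s):
        seconds = int(s, 16)
    elif re.fullmatch(r"\d{1,10}", s):
        seconds = int(s, 10)
    else:
        raise ValueError(f"expected a decimal or 0x-hex DWORD, got {install_date!r}")
    if seconds > 0xFFFFFFFF:
        raise ValueError("value does not fit a 32-bit DWORD")
    return datetime.fromtimestamp(seconds, tz=timezone.utc)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    print(win9x_install_date("ca,73,9b,34"))   # 2006-04-27 14:30:20
    print(winnt_install_date("1146141020"))    # 2006-04-27 12:30:20+00:00
```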

It is written in Java (1.5); run it with: java -jar WinOra.jar

Download: WinOra 0.1


David Berger, NetMon GmbH, berger at netmon.ch
April 27 2006