big thanks to ippsec!

utmpdump#

Exploring a binary wtmp file to gather login/logout users sessions? utmpdump is a life saver. Seems to be a core installed command on Linux (at least with debian). Otherwise this github might help.
nice nice

last (relearned)#

if utmpdump is a bit much .. apparently last can take a file name! last -f <file> throw a TZ=utc in front of that command and dates/times will display in UTC
who knew!?

grep’ing for ip address#

[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}