Windows plugins datetime fields

[Zawadidone]

The *_date fields use the type string.

dissect.target/dissect/target/plugins/os/windows/regf/usb.py

Lines 22 to 25 in 7a2e0dc

	("string", "first_insert_date"),
	("string", "first_instal_date"),
	("string", "last_insert_date"),
	("string", "last_removal_date"),

But the docstring states that these fields use the type datetime.

dissect.target/dissect/target/plugins/os/windows/regf/usb.py

Lines 105 to 108 in 7a2e0dc

	first_insert_date (datetime): First insertion date of USB storage device
	first_instal_date (datetime): First instalation date of USB storage device
	last_insert_date (datetime): Most recent insertion (arrival) date of USB storage device
	last_removal_date (datetime): Most recent removal (unplug) date of USB storage device

Is this intended or should the type of these fields be adjusted to datetime?

The same applies for

dissect.target/dissect/target/plugins/os/windows/tasks.py

Line 19 in 7a2e0dc

("string", "date"),

[Schamper]

At least the USB ones look like a bug. There's also a type with instal it looks like. Feel free to fix in a PR.

As for the task one, looks like that comes from the RegistrationInfo/Date field in the task XML. I don't know the purpose of this field by heart, but if it's indeed a timestamp then it makes sense to also start parsing that as a datetime.

[Zawadidone]

Microsoft states that it is a date element.

When reading or writing XML for a task, the registration date is specified using the Date element of the Task Scheduler schema. - https://learn.microsoft.com/en-us/windows/win32/taskschd/registrationinfo-date, https://learn.microsoft.com/en-us/windows/win32/taskschd/taskschedulerschema-date-registrationinfotype-element

[Zawadidone]

Closed in #187