Difference between revisions of "Timeline Analysis"

From ForensicsWiki
(Programs)
(Timeline formats)
 
(10 intermediate revisions by 3 users not shown)
Line 1: Line 1:
==Papers==
+
== Timeline formats ==
 +
* [[body file]]
 +
* [[L2T CSV]]
 +
* [[mactime]]
 +
* [[TLN]]
 +
 
 +
==Bibliography==
 +
===Papers===
 +
* [http://forensicfocus.files.wordpress.com/2012/08/generating-computer-forensic-supertimelines-under-linux-a-comprehensive-guide-for-windows-based-disk-images1.pdf Generating computer forensic supertimelines under Linux - A comprehensive guide for Windows-based disk images], by R. Carbone, C. Bean, August 2012
 
* J. Olsson, M. Boldt, [http://www.dfrws.org/2009/proceedings/p78-olsson.pdf "Computer forensic timeline visualization tool"], ScienceDirect Digital Investigation, Volume 6, September 2009
 
* J. Olsson, M. Boldt, [http://www.dfrws.org/2009/proceedings/p78-olsson.pdf "Computer forensic timeline visualization tool"], ScienceDirect Digital Investigation, Volume 6, September 2009
 
* Jewan Bang, BY Yoo, JS Kim, SJ Lee, [http://forensic.korea.ac.kr/research/Conference/Analysis_of_Time_Information_for_Digital_Investigation.pdf "Analysis of Time Information for Digital Investigation"], NCM 2009, 5th International Joint Conference on INC, IMS, IDC, August 2009
 
* Jewan Bang, BY Yoo, JS Kim, SJ Lee, [http://forensic.korea.ac.kr/research/Conference/Analysis_of_Time_Information_for_Digital_Investigation.pdf "Analysis of Time Information for Digital Investigation"], NCM 2009, 5th International Joint Conference on INC, IMS, IDC, August 2009
Line 22: Line 30:
 
* [http://well-formed-data.net/archives/26/visualizing-gaps-in-time-based-lists Visualizing gaps in time-based lists], Moritz Stefaner, November 6, 2000
 
* [http://well-formed-data.net/archives/26/visualizing-gaps-in-time-based-lists Visualizing gaps in time-based lists], Moritz Stefaner, November 6, 2000
  
==Programs==
+
== Tools ==
; [[Zeitline]] — Forensic timeline editor
+
; [[Aftertime]] - Java based application for creating timelines
: http://projects.cerias.purdue.edu/forensics/timeline.php
+
: http://www.holmes.nl/NFIlabs/Aftertime/index.html
: http://sourceforge.net/projects/zeitline/
+
  
 
; [[log2timeline]] - An artifact timeline creation and analysis framework
 
; [[log2timeline]] - An artifact timeline creation and analysis framework
Line 32: Line 39:
 
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
 
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
  
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program.
+
; [[Plaso]] - A toolbox based on log2timeline providing tools to create and analyze timelines
 
+
: http://plaso.kiddaland.net/
; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot]
+
  
 
; [[PTK]] has a timeline analysis tool.
 
; [[PTK]] has a timeline analysis tool.
  
; [[Aftertime]] - Java based application for creating timelines
+
; [[Simile Timeline and Timeplot]]
: http://www.holmes.nl/NFIlabs/Aftertime/index.html
+
: http://code.google.com/p/simile-widgets/  
  
==See Also==
+
; [[sorter]] - [[Sleuthkit]]'s [[MAC times]] sorting program.
* http://www.timeforensics.com/
+
  
 +
; [[TimeFlow]] - Visual timelines for investigation - source freely available
 +
https://github.com/FlowingMedia/TimeFlow/wiki/
  
 +
; [[Timesketch]] - tool for collaborative forensic timeline analysis
 +
: http://www.timesketch.org/
  
 +
; [[Zeitline]] - Forensic timeline editor
 +
: http://projects.cerias.purdue.edu/forensics/timeline.php
 +
: http://sourceforge.net/projects/zeitline/
  
 +
== External Links ==
 +
* http://www.timeforensics.com/
  
 
[[Category:Tools]]
 
[[Category:Tools]]
 
[[Category:Bibliographies]]
 
[[Category:Bibliographies]]
 
[[Category:Timeline Analysis]]
 
[[Category:Timeline Analysis]]
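
Review bot: the added TimeFlow entry gives its URL as a bare line (https://github.com/FlowingMedia/TimeFlow/wiki/) without the leading ": " that every other tool entry in this hunk uses, so it is not part of the definition list under "; [[TimeFlow]]" and renders as a separate paragraph. Prefix that line with ": " so it matches the Timesketch and Zeitline entries added alongside it. The same hunk also moves the timeforensics.com link from "See Also" to a new "External Links" heading, which is fine, but the heading spacing is inconsistent: "== Tools ==" and "== External Links ==" use inner spaces while "==Bibliography==" does not; pick one form for the page.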

Latest revision as of 07:51, 4 April 2015

Timeline formats

Bibliography

Papers

Tools

Aftertime - Java based application for creating timelines
http://www.holmes.nl/NFIlabs/Aftertime/index.html
log2timeline - An artifact timeline creation and analysis framework
http://log2timeline.net
https://blogs.sans.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
Plaso - A toolbox based on log2timeline providing tools to create and analyze timelines
http://plaso.kiddaland.net/
PTK has a timeline analysis tool.
Simile Timeline and Timeplot
http://code.google.com/p/simile-widgets/
sorter - Sleuthkit's MAC times sorting program.
TimeFlow - Visual timelines for investigation - source freely available

https://github.com/FlowingMedia/TimeFlow/wiki/

Timesketch - tool for collaborative forensic timeline analysis
http://www.timesketch.org/
Zeitline - Forensic timeline editor
http://projects.cerias.purdue.edu/forensics/timeline.php
http://sourceforge.net/projects/zeitline/

External Links