Difference between revisions of "Timeline Analysis"

From ForensicsWiki
(Papers)
(Timeline formats)
 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==Papers==
+
== Timeline formats ==
 +
* [[body file]]
 +
* [[L2T CSV]]
 +
* [[mactime]]
 +
* [[TLN]]
 +
 
 +
==Bibliography==
 +
===Papers===
 
* [http://forensicfocus.files.wordpress.com/2012/08/generating-computer-forensic-supertimelines-under-linux-a-comprehensive-guide-for-windows-based-disk-images1.pdf Generating computer forensic supertimelines under Linux - A comprehensive guide for Windows-based disk images], by R. Carbone, C. Bean, August 2012
 
* [http://forensicfocus.files.wordpress.com/2012/08/generating-computer-forensic-supertimelines-under-linux-a-comprehensive-guide-for-windows-based-disk-images1.pdf Generating computer forensic supertimelines under Linux - A comprehensive guide for Windows-based disk images], by R. Carbone, C. Bean, August 2012
 
* J. Olsson, M. Boldt, [http://www.dfrws.org/2009/proceedings/p78-olsson.pdf "Computer forensic timeline visualization tool"], ScienceDirect Digital Investigation, Volume 6, September 2009
 
* J. Olsson, M. Boldt, [http://www.dfrws.org/2009/proceedings/p78-olsson.pdf "Computer forensic timeline visualization tool"], ScienceDirect Digital Investigation, Volume 6, September 2009
Line 24: Line 31:
  
 
== Tools ==
 
== Tools ==
; [[Zeitline]] — Forensic timeline editor
+
; [[Aftertime]] - Java based application for creating timelines
: http://projects.cerias.purdue.edu/forensics/timeline.php
+
: http://www.holmes.nl/NFIlabs/Aftertime/index.html
: http://sourceforge.net/projects/zeitline/
+
  
 
; [[log2timeline]] - An artifact timeline creation and analysis framework
 
; [[log2timeline]] - An artifact timeline creation and analysis framework
Line 33: Line 39:
 
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
 
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
  
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program.
+
; [[Plaso]] - A toolbox based on log2timeline providing tools to create and analyze timelines
 
+
: http://plaso.kiddaland.net/
; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot]
+
  
 
; [[PTK]] has a timeline analysis tool.
 
; [[PTK]] has a timeline analysis tool.
  
; [[Aftertime]] - Java based application for creating timelines
+
; [[Simile Timeline and Timeplot]]
: http://www.holmes.nl/NFIlabs/Aftertime/index.html
+
: http://code.google.com/p/simile-widgets/  
ns.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
+
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
+
  
; [[sorter]] [[Sleuthkit]]'s [[MAC times]] sorting program.
+
; [[sorter]] - [[Sleuthkit]]'s [[MAC times]] sorting program.
  
; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot]
 
 
; [[PTK]] has a timeline analysis tool.
 
 
; [[Aftertime]] - Java based application for creating timelines
 
: http://www.holm
 
 
; [[TimeFlow]] - Visual timelines for investigation - source freely available
 
; [[TimeFlow]] - Visual timelines for investigation - source freely available
 
https://github.com/FlowingMedia/TimeFlow/wiki/
 
https://github.com/FlowingMedia/TimeFlow/wiki/
  
==See Also==
+
; [[Timesketch]] - tool for collaborative forensic timeline analysis
* http://www.timeforensics.com/  
+
: http://www.timesketch.org/
 
+
 
+
  
 +
; [[Zeitline]] - Forensic timeline editor
 +
: http://projects.cerias.purdue.edu/forensics/timeline.php
 +
: http://sourceforge.net/projects/zeitline/
  
 +
== External Links ==
 +
* http://www.timeforensics.com/
  
 
[[Category:Tools]]
 
[[Category:Tools]]
 
[[Category:Bibliographies]]
 
[[Category:Bibliographies]]
 
[[Category:Timeline Analysis]]
 
[[Category:Timeline Analysis]]
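
Review bot: The TimeFlow URL line in the last hunk (`https://github.com/FlowingMedia/TimeFlow/wiki/`) has no leading `: `, unlike the other tool URLs in this list, so it renders as a free-standing paragraph rather than as part of the TimeFlow definition; prefix it with `: ` while the Tools list is being reordered. The `; [[PTK]] has a timeline analysis tool.` entry also does not follow the `; [[Name]] - description` pattern that this revision applies to sorter and Zeitline, so reword it to match.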

Latest revision as of 07:51, 4 April 2015

Timeline formats

Bibliography

Papers

Tools

Aftertime - Java based application for creating timelines
http://www.holmes.nl/NFIlabs/Aftertime/index.html

log2timeline - An artifact timeline creation and analysis framework
http://log2timeline.net
https://blogs.sans.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/

Plaso - A toolbox based on log2timeline providing tools to create and analyze timelines
http://plaso.kiddaland.net/

PTK has a timeline analysis tool.

Simile Timeline and Timeplot
http://code.google.com/p/simile-widgets/

sorter - Sleuthkit's MAC times sorting program.

TimeFlow - Visual timelines for investigation - source freely available
https://github.com/FlowingMedia/TimeFlow/wiki/

Timesketch - tool for collaborative forensic timeline analysis
http://www.timesketch.org/

Zeitline - Forensic timeline editor
http://projects.cerias.purdue.edu/forensics/timeline.php
http://sourceforge.net/projects/zeitline/

External Links