Difference between revisions of "Timeline Analysis"

From ForensicsWiki
(See Also)
(Timeline formats)
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==Papers==
+
== Timeline formats ==
 +
* [[body file]]
 +
* [[L2T CSV]]
 +
* [[mactime]]
 +
* [[TLN]]
 +
 
 +
==Bibliography==
 +
===Papers===
 
* [http://forensicfocus.files.wordpress.com/2012/08/generating-computer-forensic-supertimelines-under-linux-a-comprehensive-guide-for-windows-based-disk-images1.pdf Generating computer forensic supertimelines under Linux - A comprehensive guide for Windows-based disk images], by R. Carbone, C. Bean, August 2012
 
* [http://forensicfocus.files.wordpress.com/2012/08/generating-computer-forensic-supertimelines-under-linux-a-comprehensive-guide-for-windows-based-disk-images1.pdf Generating computer forensic supertimelines under Linux - A comprehensive guide for Windows-based disk images], by R. Carbone, C. Bean, August 2012
 
* J. Olsson, M. Boldt, [http://www.dfrws.org/2009/proceedings/p78-olsson.pdf "Computer forensic timeline visualization tool"], ScienceDirect Digital Investigation, Volume 6, September 2009
 
* J. Olsson, M. Boldt, [http://www.dfrws.org/2009/proceedings/p78-olsson.pdf "Computer forensic timeline visualization tool"], ScienceDirect Digital Investigation, Volume 6, September 2009
Line 24: Line 31:
  
 
== Tools ==
 
== Tools ==
; [[Zeitline]] — Forensic timeline editor
+
; [[Aftertime]] - Java based application for creating timelines
: http://projects.cerias.purdue.edu/forensics/timeline.php
+
: http://www.holmes.nl/NFIlabs/Aftertime/index.html
: http://sourceforge.net/projects/zeitline/
+
  
 
; [[log2timeline]] - An artifact timeline creation and analysis framework
 
; [[log2timeline]] - An artifact timeline creation and analysis framework
Line 33: Line 39:
 
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
 
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
  
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program.
+
; [[Plaso]] - A toolbox based on log2timeline providing tools to create and analyze timelines
 
+
: http://plaso.kiddaland.net/
; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot]
+
  
 
; [[PTK]] has a timeline analysis tool.
 
; [[PTK]] has a timeline analysis tool.
  
; [[Aftertime]] - Java based application for creating timelines
+
; [[Simile Timeline and Timeplot]]
: http://www.holmes.nl/NFIlabs/Aftertime/index.html
+
: http://code.google.com/p/simile-widgets/  
ns.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
+
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
+
  
; [[sorter]] [[Sleuthkit]]'s [[MAC times]] sorting program.
+
; [[sorter]] - [[Sleuthkit]]'s [[MAC times]] sorting program.
  
; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot]
+
; [[TimeFlow]] - Visual timelines for investigation - source freely available
 +
https://github.com/FlowingMedia/TimeFlow/wiki/
  
; [[PTK]] has a timeline analysis tool.
+
; [[Timesketch]] - tool for collaborative forensic timeline analysis
 +
: http://www.timesketch.org/
  
; [[Aftertime]] - Java based application for creating timelines
+
; [[Zeitline]] - Forensic timeline editor
: http://www.holm
+
: http://projects.cerias.purdue.edu/forensics/timeline.php
; [[TimeFlow]] - Visual timelines for investigation - source freely available
+
: http://sourceforge.net/projects/zeitline/
https://github.com/FlowingMedia/TimeFlow/wiki/
+
  
 
== External Links ==
 
== External Links ==
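Review bot: The added TimeFlow URL line in the Tools list has no leading ":", unlike the other URL lines under each ";" entry (for example ": http://www.timesketch.org/"). Without it the link is not part of the TimeFlow definition entry, and in the latest revision it renders as a separate paragraph set apart from the entry. Suggest changing the line to ": https://github.com/FlowingMedia/TimeFlow/wiki/" so it matches the rest of the list.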

Latest revision as of 07:51, 4 April 2015

Timeline formats

Bibliography

Papers

Tools

Aftertime - Java based application for creating timelines
http://www.holmes.nl/NFIlabs/Aftertime/index.html
log2timeline - An artifact timeline creation and analysis framework
http://log2timeline.net
https://blogs.sans.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
Plaso - A toolbox based on log2timeline providing tools to create and analyze timelines
http://plaso.kiddaland.net/
PTK has a timeline analysis tool.
Simile Timeline and Timeplot
http://code.google.com/p/simile-widgets/
sorter - Sleuthkit's MAC times sorting program.
TimeFlow - Visual timelines for investigation - source freely available

https://github.com/FlowingMedia/TimeFlow/wiki/

Timesketch - tool for collaborative forensic timeline analysis
http://www.timesketch.org/
Zeitline - Forensic timeline editor
http://projects.cerias.purdue.edu/forensics/timeline.php
http://sourceforge.net/projects/zeitline/

External Links