Difference between revisions of "Timeline Analysis"

From ForensicsWiki
(See Also)
(Tools)
Line 24: Line 24:
  
 
== Tools ==
 
== Tools ==
; [[Zeitline]] — Forensic timeline editor
+
; [[Aftertime]] - Java based application for creating timelines
: http://projects.cerias.purdue.edu/forensics/timeline.php
+
: http://www.holmes.nl/NFIlabs/Aftertime/index.html
: http://sourceforge.net/projects/zeitline/
+
  
 
; [[log2timeline]] - An artifact timeline creation and analysis framework
 
; [[log2timeline]] - An artifact timeline creation and analysis framework
Line 33: Line 32:
 
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
 
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
  
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program.
+
; [[Plaso]] - A toolbox based on log2timeline providing tools to create and analyze timelines
 
+
: http://plaso.kiddaland.net/
; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot]
+
  
 
; [[PTK]] has a timeline analysis tool.
 
; [[PTK]] has a timeline analysis tool.
  
; [[Aftertime]] - Java based application for creating timelines
+
; [[Simile Timeline and Timeplot]]
: http://www.holmes.nl/NFIlabs/Aftertime/index.html
+
: http://code.google.com/p/simile-widgets/  
ns.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
+
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
+
  
; [[sorter]] [[Sleuthkit]]'s [[MAC times]] sorting program.
+
; [[sorter]] - [[Sleuthkit]]'s [[MAC times]] sorting program.
  
; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot]
 
 
; [[PTK]] has a timeline analysis tool.
 
 
; [[Aftertime]] - Java based application for creating timelines
 
: http://www.holm
 
 
; [[TimeFlow]] - Visual timelines for investigation - source freely available
 
; [[TimeFlow]] - Visual timelines for investigation - source freely available
 
https://github.com/FlowingMedia/TimeFlow/wiki/
 
https://github.com/FlowingMedia/TimeFlow/wiki/
 +
 +
; [[Zeitline]] - Forensic timeline editor
 +
: http://projects.cerias.purdue.edu/forensics/timeline.php
 +
: http://sourceforge.net/projects/zeitline/
  
 
== External Links ==
 
== External Links ==
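Review bot: The URL under the [[TimeFlow]] entry, carried through this hunk as unchanged context, has no leading ": ", while the other URL lines in the list do (for example ": http://plaso.kiddaland.net/"), so it sits outside the definition list instead of under its tool. Since this revision is already reordering the Tools section alphabetically, it would be worth fixing in the same edit by writing that line as ": https://github.com/FlowingMedia/TimeFlow/wiki/".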

Revision as of 09:20, 27 August 2014

Papers

Tools

Aftertime - Java based application for creating timelines
http://www.holmes.nl/NFIlabs/Aftertime/index.html
log2timeline - An artifact timeline creation and analysis framework
http://log2timeline.net
https://blogs.sans.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
Plaso - A toolbox based on log2timeline providing tools to create and analyze timelines
http://plaso.kiddaland.net/
PTK has a timeline analysis tool.
Simile Timeline and Timeplot
http://code.google.com/p/simile-widgets/
sorter - Sleuthkit's MAC times sorting program.
TimeFlow - Visual timelines for investigation - source freely available

https://github.com/FlowingMedia/TimeFlow/wiki/

Zeitline - Forensic timeline editor
http://projects.cerias.purdue.edu/forensics/timeline.php
http://sourceforge.net/projects/zeitline/

External Links