Difference between revisions of "Timeline Analysis"

From ForensicsWiki
m (Programs)
Line 1: Line 1:
 
==Papers==
 
==Papers==
 +
* J. Olsson, M. Boldt, [http://www.dfrws.org/2009/proceedings/p78-olsson.pdf "Computer forensic timeline visualization tool"], ScienceDirect Digital Investigation, Volume 6, September 2009
 
* S. Willassen, [http://www.igi-global.com/articles/details.asp?ID=33298 "A Model Based Approach to Timestamp Evidence Interpretation"], International Journal of Digital Crime and Forensics, 1:2, 2009
 
* S. Willassen, [http://www.igi-global.com/articles/details.asp?ID=33298 "A Model Based Approach to Timestamp Evidence Interpretation"], International Journal of Digital Crime and Forensics, 1:2, 2009
 
 
* Olsson, Jens [http://www.bth.se/fou/cuppsats.nsf/bbb56322b274389dc1256608004f052b/2e5256fe7d0e57d5c12574bd0072d894!OpenDocument Digital Evidence with an Emphasis on Time],  Master's Thesis, Blekinge Institute of Technology, September 2008.
 
* Olsson, Jens [http://www.bth.se/fou/cuppsats.nsf/bbb56322b274389dc1256608004f052b/2e5256fe7d0e57d5c12574bd0072d894!OpenDocument Digital Evidence with an Emphasis on Time],  Master's Thesis, Blekinge Institute of Technology, September 2008.
 
* R. Koen, M. Olivier, [http://icsa.cs.up.ac.za/issa/2008/Proceedings/Full/43.pdf "The Use of File Timestamps in Digital Forensics"], ISSA 2008, Johannesburg, South Africa, July 2008
 
* R. Koen, M. Olivier, [http://icsa.cs.up.ac.za/issa/2008/Proceedings/Full/43.pdf "The Use of File Timestamps in Digital Forensics"], ISSA 2008, Johannesburg, South Africa, July 2008
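Review bot: the added Olsson/Boldt entry gives the venue as "ScienceDirect Digital Investigation", but ScienceDirect is the hosting platform rather than part of the journal title, and the link itself points at the DFRWS 2009 proceedings. Suggest citing it as "Digital Investigation, Volume 6, September 2009" and naming DFRWS 2009, so the venue matches the linked PDF and the style of the neighbouring entries.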
Line 25: Line 25:
 
: http://projects.cerias.purdue.edu/forensics/timeline.php
 
: http://projects.cerias.purdue.edu/forensics/timeline.php
 
: http://sourceforge.net/projects/zeitline/
 
: http://sourceforge.net/projects/zeitline/
 +
 +
; [[log2timeline]] - An artifact timeline creation and analysis framework
 +
: http://log2timeline.net
 +
: https://blogs.sans.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
 +
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
  
 
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program.
 
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program.
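Review bot: the new log2timeline definition line uses a plain hyphen (" - ") as the separator, while the existing sorter entry in the same list uses a dash character between the name and the description. Match the existing separator so the Programs list renders consistently.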

Revision as of 08:09, 28 August 2009

Papers

Programs

Zeitline — Forensic timeline editor
http://projects.cerias.purdue.edu/forensics/timeline.php
http://sourceforge.net/projects/zeitline/
log2timeline - An artifact timeline creation and analysis framework
http://log2timeline.net
https://blogs.sans.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
sorter — Sleuthkit's MAC times sorting program.
Simile Timeline and Timeplot
PTK has a timeline analysis tool.

See Also