Difference between revisions of "Timeline Analysis"

From ForensicsWiki
m (Programs)
(See Also)
(6 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
==Papers==
 
==Papers==
 +
* [http://forensicfocus.files.wordpress.com/2012/08/generating-computer-forensic-supertimelines-under-linux-a-comprehensive-guide-for-windows-based-disk-images1.pdf Generating computer forensic supertimelines under Linux - A comprehensive guide for Windows-based disk images], by R. Carbone, C. Bean, August 2012
 +
* J. Olsson, M. Boldt, [http://www.dfrws.org/2009/proceedings/p78-olsson.pdf "Computer forensic timeline visualization tool"], ScienceDirect Digital Investigation, Volume 6, September 2009
 +
* Jewan Bang, BY Yoo, JS Kim, SJ Lee, [http://forensic.korea.ac.kr/research/Conference/Analysis_of_Time_Information_for_Digital_Investigation.pdf "Analysis of Time Information for Digital Investigation"], NCM 2009, 5th International Joint Conference on INC, IMS, IDC, August 2009
 
* S. Willassen, [http://www.igi-global.com/articles/details.asp?ID=33298 "A Model Based Approach to Timestamp Evidence Interpretation"], International Journal of Digital Crime and Forensics, 1:2, 2009
 
* S. Willassen, [http://www.igi-global.com/articles/details.asp?ID=33298 "A Model Based Approach to Timestamp Evidence Interpretation"], International Journal of Digital Crime and Forensics, 1:2, 2009
 
 
* Olsson, Jens [http://www.bth.se/fou/cuppsats.nsf/bbb56322b274389dc1256608004f052b/2e5256fe7d0e57d5c12574bd0072d894!OpenDocument Digital Evidence with an Emphasis on Time],  Master's Thesis, Blekinge Institute of Technology, September 2008.
 
* Olsson, Jens [http://www.bth.se/fou/cuppsats.nsf/bbb56322b274389dc1256608004f052b/2e5256fe7d0e57d5c12574bd0072d894!OpenDocument Digital Evidence with an Emphasis on Time],  Master's Thesis, Blekinge Institute of Technology, September 2008.
 
* R. Koen, M. Olivier, [http://icsa.cs.up.ac.za/issa/2008/Proceedings/Full/43.pdf "The Use of File Timestamps in Digital Forensics"], ISSA 2008, Johannesburg, South Africa, July 2008
 
* R. Koen, M. Olivier, [http://icsa.cs.up.ac.za/issa/2008/Proceedings/Full/43.pdf "The Use of File Timestamps in Digital Forensics"], ISSA 2008, Johannesburg, South Africa, July 2008
Line 21: Line 23:
 
* [http://well-formed-data.net/archives/26/visualizing-gaps-in-time-based-lists Visualizing gaps in time-based lists], Moritz Stefaner, November 6, 2000
 
* [http://well-formed-data.net/archives/26/visualizing-gaps-in-time-based-lists Visualizing gaps in time-based lists], Moritz Stefaner, November 6, 2000
  
==Programs==
+
== Tools ==
 
; [[Zeitline]] — Forensic timeline editor
 
; [[Zeitline]] — Forensic timeline editor
 
: http://projects.cerias.purdue.edu/forensics/timeline.php
 
: http://projects.cerias.purdue.edu/forensics/timeline.php
 
: http://sourceforge.net/projects/zeitline/
 
: http://sourceforge.net/projects/zeitline/
 +
 +
; [[log2timeline]] - An artifact timeline creation and analysis framework
 +
: http://log2timeline.net
 +
: https://blogs.sans.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
 +
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
  
 
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program.
 
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program.
Line 32: Line 39:
 
; [[PTK]] has a timeline analysis tool.
 
; [[PTK]] has a timeline analysis tool.
  
==See Also==
+
; [[Aftertime]] - Java based application for creating timelines
* http://www.timeforensics.com/  
+
: http://www.holmes.nl/NFIlabs/Aftertime/index.html
 +
ns.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
 +
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
  
 +
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program.
  
 +
; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot]
  
 +
; [[PTK]] has a timeline analysis tool.
  
 +
; [[Aftertime]] - Java based application for creating timelines
 +
: http://www.holm
 +
; [[TimeFlow]] - Visual timelines for investigation - source freely available
 +
https://github.com/FlowingMedia/TimeFlow/wiki/
 +
 +
== External Links ==
 +
* http://www.timeforensics.com/
  
 
[[Category:Tools]]
 
[[Category:Tools]]
 
[[Category:Bibliographies]]
 
[[Category:Bibliographies]]
 
[[Category:Timeline Analysis]]
 
[[Category:Timeline Analysis]]
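
Review bot: The block added after the first Aftertime entry in this hunk looks like a botched paste and should be dropped. The line "ns.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/" is the tail of the SANS URL that the previous hunk already adds under log2timeline, ": http://www.holm" is cut off mid-URL, and the second SANS link plus the sorter, PTK and Aftertime entries are each added a second time. Keep one complete Aftertime entry with its full holmes.nl URL, and give the TimeFlow URL a leading ":" so it renders as a definition line like the other tool links.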

Revision as of 20:23, 27 August 2012

Papers

Tools

Zeitline — Forensic timeline editor
http://projects.cerias.purdue.edu/forensics/timeline.php
http://sourceforge.net/projects/zeitline/
log2timeline - An artifact timeline creation and analysis framework
http://log2timeline.net
https://blogs.sans.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
sorter — Sleuthkit's MAC times sorting program.
Simile Timeline and Timeplot
PTK has a timeline analysis tool.
Aftertime - Java based application for creating timelines
http://www.holmes.nl/NFIlabs/Aftertime/index.html

ns.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/

https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
sorter — Sleuthkit's MAC times sorting program.
Simile Timeline and Timeplot
PTK has a timeline analysis tool.
Aftertime - Java based application for creating timelines
http://www.holm
TimeFlow - Visual timelines for investigation - source freely available

https://github.com/FlowingMedia/TimeFlow/wiki/

External Links