Vanbaar: /* Screenshots */

2010-04-16T06:03:10Z

‎Screenshots

Vanbaar: Created page with '{{Infobox_Software | name = Aftertime | maintainer = NFI | os = Java | genre = {{Analysis}} | license = proprietary | website = http://www.holmes.nl/NFIlabs/Aftertim…'

2010-04-16T05:59:10Z

Created page with '{{Infobox_Software | name = Aftertime | maintainer = NFI | os = Java | genre = {{Analysis}} | license = proprietary | website = http://www.holmes.nl/NFIlabs/Aftertim…'

New page

{{Infobox_Software |
name = Aftertime |
maintainer = NFI |
os = Java |
genre = {{Analysis}} |
license = proprietary |
website = http://www.holmes.nl/NFIlabs/Aftertime |
}}

==Aftertime==

'''Aftertime''' is a Java software application that can be used to create [[Timeline_Analysis_Bibliography|time lines]] for forensic investigators. Aftertime is based on [[Snorkel]] to provide access to a large number of image file formats, partition schemes, file systems and file formats. Aftertime not only uses time information contained in the file system but also extracts time information from file contents, e.g. event logs, internet history, e-mail and more. The winners of the [[DFRWS]] [http://www.dfrws.org/2009/challenge/index.shtml 2009 Forensic Challenge] used Aftertime to create the timeline.

==Features==

With Aftertime it is possible to set the time zone per project, per image, per scanner or change the time zone displayed. The file types supported are summarized below.

{|
|E-mail
|[[MBox|Mbox]]
|-
|Files
|[[LNK|Shortcuts]]
|-
|
|[[MAC_times|MAC-times]]
|-
|Internet history
|[[Internet_Explorer|Internet Explorer cookies]]
|-
|
|[[Internet_Explorer_History_File_Format|Internet Explorer history]]
|-
|
|[[Apple_Safari_History_File_Format|Safari history]]
|-
|
|[[Safari|Safari cookies]]
|-
|
|[[Opera|Opera cookies]]
|-
|
|[[Firefox|Mozilla/Firefox cookies]]
|-
|
|[[Mozilla_Firefox_History_File_Format|Mozilla]]/[[Mozilla_Firefox_3_History_File_Format|Firefox]] history
|-
|Logs
|[[MSN]]
|-
|
|WTMP
|-
|
|Console kit
|-
|
|Zone alarm
|-
|
|Gator
|-
|
|setupapi.log
|-
|
|WBEM
|-
|Multimedia
|[[Exif]]
|-
|Operating System
|[[EVT|Windows Event log]]
|-
|
|[[Prefetch|Windows Prefetch]]
|-
|
|Linux / Macintosh logs
|-
|
|[[Windows_Registry|Windows Registry]]
|-
|
|Windows Shadow-files
|}

==Examples of use==
Aftertime is used in a wide variety of cases:
* Was a person using this system at a specific time (alibi)?
* Are there traces of malicious activity at a given time?
* Are there any traces of other activity while this file was downloaded?
* When was this letter written?
Aftertime has two different views on the data. The first display is a graphical view, where events are presented in a histogram. It is possible to display the events in a logarithmic scale to not overlook events that are only present a limited number of times. The second display is a list of events with the details of each event presented by highlighting the event.

==Screenshots==
Screenshots can be found on the [http://www.holmes.nl/NFIlabs/Aftertime/screenshots.html screenshots] section of the [http://www.holmes.nl/NFIlabs/Aftertime Aftertime]-website.

==Links==
; [http://www.holmes.nl/NFIlabs/Aftertime/index.html Aftertime website]

@@ Line 98: / Line 98: @@
 ==Screenshots==
-Screenshots can be found on the [http://www.holmes.nl/NFIlabs/Aftertime/screenshots.html screenshots] section of the [http://www.holmes.nl/NFIlabs/Aftertime Aftertime]-website.
+[[File:Aftertime1_large.png|200px|thumbs|Aftertime screenshot]]
 ==Links==
 ; [http://www.holmes.nl/NFIlabs/Aftertime/index.html Aftertime website]

Aftertime - Revision history

Vanbaar: /* Screenshots */

Vanbaar: Created page with '{{Infobox_Software | name = Aftertime | maintainer = NFI | os = Java | genre = {{Analysis}} | license = proprietary | website = http://www.holmes.nl/NFIlabs/Aftertim…'