Difference between pages "Plaso" and "Google Desktop Search"

From ForensicsWiki
(Difference between pages)
(File formats)
 
(External Links)
 
Line 1: Line 1:
{{Infobox_Software |
+
{{Expand}}
  name = plaso |
+
Google Desktop Search is an application for both [[Windows]] and [[Mac OS X]] that allows the user to index and then search their local hard drives. These applications integrate with other Google tools such as searching the web and [[Gmail]].  
  maintainer = [[Kristinn Gudjonsson]], [[Joachim Metz]] |
+
  os = [[Linux]], [[Mac OS X]], [[Windows]] |
+
  genre = {{Analysis}} |
+
  license = {{APL}} |
+
  website = [https://code.google.com/p/plaso/ code.google.com/p/plaso/] |
+
}}
+
  
Plaso (plaso langar að safna öllu) is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Plaso is intended to be applied for creating super timelines but also supports creating [http://blog.kiddaland.net/2013/02/targeted-timelines-part-i.html targeted timelines].
+
By default, the Mac version caches content that can be recovered even after the original has been deleted.
  
The Plaso project site also provides [[4n6time]], formerly "l2t_Review", which is a cross-platform forensic tool for timeline creation and review by [[David Nides]].
+
Google Desktop will be discontinued as of September 14 2011[[http://googleblog.blogspot.com/2011/09/fall-spring-clean.html]]
  
== Supported Formats ==
+
== See Also ==
  
=== Storage Media Image File Formats ===
+
[[Windows Desktop Search]]
Storage Medis Image File Format support is provided by [[dfvfs]].
+
  
=== Volume System Formats ===
+
== External Links ==
Volume System Format support is provided by [[dfvfs]].
+
  
=== File System Formats ===
+
* [http://desktop.google.com/ Official website]
File System Format support is provided by [[dfvfs]].
+
* [http://en.wikipedia.org/wiki/Google_Desktop Wikipedia entry on Google Desktop]
 +
* [http://en.wikipedia.org/wiki/List_of_search_engines#Desktop_search_engines Wikipedia list of Desktop search engines]
  
=== File formats ===
+
[[Category:Desktop Search]]
<b>TODO expand this list</b>
+
 
+
* Apple System Log (ASL)
+
* Basic Security Module (BSM)
+
* Bencode files
+
* [[Google Chrome|Chrome cache files]]
+
* [[Extensible Storage Engine (ESE) Database File (EDB) format]] using [[libesedb]]
+
* [[Internet Explorer History File Format]] (also known as MSIE 4 - 9 Cache Files or index.dat) using [[libmsiecf]]
+
* Java IDX
+
* [[OLE Compound File]] using [[libolecf]]
+
* OpenXML
+
* Pcap files
+
* [[Property list (plist)|Property list (plist) format]] using [[binplist]]
+
* SkyDrive log and error log files
+
* SQLite databases
+
* Syslog
+
* [[Windows Event Log (EVT)]] using [[libevt]]
+
* Windows Firewall
+
* Windows Job files (think at jobs)
+
* Windows Prefetch files
+
* Windows Recycle bin (INFO2 and $I/$R)
+
* [[Windows NT Registry File (REGF)]] using [[libregf]]
+
* [[LNK|Windows Shortcut File (LNK) format]] using [[liblnk]]
+
* [[Windows XML Event Log (EVTX)]] using [[libevtx]]
+
* Xchat and Xchat scrollback files
+
 
+
=== Bencode file formats ===
+
* Transmission
+
* uTorrent
+
 
+
=== ESE database file formats ===
+
* Internet Explorer WebCache format
+
 
+
=== OLE Compound File formats ===
+
* Document summary information
+
* Summary information (top-level only)
+
 
+
=== Property list (plist) formats ===
+
<b>TODO expand this list</b>
+
* Airport
+
* Apple Account
+
* iPod/iPhone
+
* Install History
+
* Mac User
+
* Software Update
+
* Spotlight
+
* Spotlight Volume Information
+
* Timemachine
+
 
+
=== SQLite database file formats ===
+
* Android call logs
+
* Android SMS
+
* Chrome cookies
+
* Chrome browsing and downloads history
+
* Firefox browsing and downloads history
+
* Google Drive
+
* Launch services quarantine events
+
* MacKeeper cache
+
* Mac OS X document versions
+
* Skype
+
* Zeitgeist activity
+
 
+
=== Windows Registry formats ===
+
<b>TODO expand this list</b>
+
* AppCompatCache
+
* CCleaner
+
* MountPoints2
+
* MSIE Zone
+
* MSIE Zone Software
+
 
+
== History ==
+
Plaso is a Python-based rewrite of the Perl-based [[log2timeline]] initially created by [[Kristinn Gudjonsson]]. Plaso builds upon the [[SleuthKit]], [[libyal]], [[dfvfs]] and various other projects.
+
 
+
== See Also ==
+
* [[dfvfs]]
+
* [[log2timeline]]
+
 
+
== External Links ==
+
* [https://code.google.com/p/plaso/ Project site]
+
* [https://sites.google.com/a/kiddaland.net/plaso/home Project documentation]
+
* [http://blog.kiddaland.net/ Project blog]
+
* [https://sites.google.com/a/kiddaland.net/plaso/usage/4n6time 4n6time]
+
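Review bot: the external link on the added "Google Desktop will be discontinued as of September 14 2011" line is wrapped in double square brackets, so MediaWiki shows it as "[[1]]" in the rendered page instead of a clean citation link. Use single brackets with a label, for example [http://googleblog.blogspot.com/2011/09/fall-spring-clean.html Google blog announcement]. The revision is dated 9 June 2014, after the stated date, so "will be discontinued" should read "was discontinued".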

Revision as of 02:49, 9 June 2014

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Google Desktop Search is an application for both Windows and Mac OS X that allows the user to index and then search their local hard drives. These applications integrate with other Google tools such as searching the web and Gmail.

By default, the Mac version caches content that can be recovered even after the original has been deleted.

Google Desktop will be discontinued as of September 14 2011[[1]]

See Also

Windows Desktop Search

External Links