Difference between pages "Upcoming events" and "Plaso"

From ForensicsWiki

= Upcoming events =

<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
Events should be posted in the correct section, and in date order. An event should NEVER be listed in more than one section (i.e. Ongoing/Continuous events should not be listed in Scheduled Training). When events begin the same day, events of a longer length should be listed first. New postings of events with the same date(s) as other events should be added after events already in the list. If a provider offers the same event at several locations simultaneously, the listing should have a single (ONE) entry in the list with the date(s) and ALL locations for the event. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two-digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event (i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
<i>Some conferences or training opportunities may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience. Such restrictions should be noted when known.</i>

This is a BY DATE listing of upcoming conferences and training events relevant to [[digital forensics]]. It is not an all-inclusive list, but includes most well-known activities. Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.

This listing is divided into four sections (described as follows):<br>
<ol><li><b><u>Calls For Papers</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
<li><b><u>Conferences</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
<li><b><u>On-Going / Continuous Training</u></b> - Training opportunities that are either always available in an online/distance learning format or that are offered at the same time every month (Name, date if applicable, URL)</li><br>
<li><b><u>[[Scheduled Training Courses]]</u></b> - Training Classes/Courses that are scheduled for specific dates/locations. This would include online (or distance learning format) courses which begin on specific dates, instead of the "start anytime" courses listed in the previous section. (Name, Date(s), Location(s), URL) (''note: this has been moved to its own page.'')<br></li></ol>

The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multimedia Sciences Section Listserv.
<i>(Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
Requests for additions, deletions or corrections to this list may be sent by email to David Baker <i>(bakerd AT mitre.org)</i>.

== Calls For Papers ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! Title
! Due Date
! Website
|-
|Black Hat Japan 2008 Briefings
|OPEN ON May 01, 2008
|https://cfp.blackhat.com/
|-
|Techno-Security 2008
|May 04, 2008
|http://www.techsec.com/html/TechnoPapers.html
|-
|Black Hat USA 2008 Briefings
|May 14, 2008
|https://www.blackhat.com/html/bh-usa-08/bh-usa-08-cfp.html
|-
|4th International Conference on IT Incident Management & IT Forensics
|Jun 01, 2008
|http://www.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2008/cfp_en.html
|-
|Economic and High Tech Crime Summit
|Jun 06, 2008
|http://summit.nw3c.org/speakers/call_for_speakers.cfm
|-
|Call for Chapter: Handbook of Research on Computational Forensics, Digital Crime and Investigation: Methods and Solutions
|Jun 30, 2008
|http://www.dcs.warwick.ac.uk/~ctli/Call_For_Chapters_2.html
|-
|ANZFSS - 19th International Symposium on the Forensic Sciences
|Jul 06, 2008
|http://www.anzfss2008.org.au/content/view/56/63/
|-
|DeepSec 2008
|Jul 15, 2008
|https://deepsec.net/cfp/
|-
|American Academy of Forensic Sciences Annual Meeting
|Aug 01, 2008
|http://www.aafs.org/default.asp?section_id=meetings&page_id=aafs_annual_meeting
|-
|5th Annual IFIP WG 11.9 International Conference on Digital Forensics
|Oct 15, 2008
|http://www.ifip119.org/Conferences/WG11-9-CFP-2009.pdf
|-
|}

== Conferences ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! Title
! Date/Location
! Website
|-
|ADFSL 2008 Conference on Digital Forensics, Security and Law
|Apr 23-25, Oklahoma City, OK
|http://www.digitalforensics-conference.org
|-
|CEIC 2008 Computer & Enterprise Investigations Conference
|Apr 27-30, Las Vegas, NV
|http://www.ceicconference.com/
|-
|Microsoft Law Enforcement Tech Conference 2008
|Apr 28-30, Redmond, Washington
|
|-
|HTCIA/ASIS High Technology Crime Conference
|May 06-08, San Francisco, CA
|http://htciatraining.org/general_info.asp
|-
|Fourth Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW-08)
|May 12-14, Oak Ridge, TN
|http://www.ioc.ornl.gov/csiirw
|-
|Ohio HTCIA Spring Training Conference
|May 12-14, Lakeland Community College, OH
|http://www.ohiohtcia.org/conference.html
|-
|LayerOne 2008 Information Technology Conference
|May 17-18, Los Angeles, CA
|http://layerone.info
|-
|EuSecWest Security Conference 2008
|May 21-22, London, England
|http://eusecwest.com/
|-
|3rd International Workshop on Systematic Approaches to Digital Forensic Engineering
|May 22, Oakland, CA
|http://conf.ncku.edu.tw/sadfe/sadfe08/
|-
|4th GFIRST National Conference
|Jun 01-06, Orlando, FL
|http://www.us-cert.gov/GFIRST/index.html
|-
|Techno-Security 2008
|Jun 01-04, Myrtle Beach, SC
|http://www.techsec.com/html/Techno2008.html
|-
|Gartner IT Security Summit
|Jun 02-04, Washington, DC
|http://www.gartner.com/it/page.jsp?id=507478&tab=overview
|-
|6th International Conference on Applied Cryptography and Network Security
|Jun 03-06, Columbia University, New York City, NY
|http://acns2008.cs.columbia.edu/
|-
|RECON 2008
|Jun 13-15, Montreal, Quebec, Canada
|http://recon.cx/2008/
|-
|Usenix Annual Technical Conference
|Jun 22-27, Boston, MA
|http://www.usenix.com/events/usenix08/
|-
|International Association of Forensic Sciences Annual Meeting
|Jul 21-26, New Orleans, LA
|http://www.iafs2008.com/
|-
|17th USENIX Security Symposium
|Jul 28-Aug 01, San Jose, CA
|http://www.usenix.org/events/sec08/
|-
|Blackhat USA 2008 Briefings & Training
|Aug 02-07, Las Vegas, NV
|http://www.blackhat.com/html/bh-link/briefings.html
|-
|2nd International Workshop on Computational Forensics
|Aug 07-08, Washington, DC
|http://iwcf08.arsforensica.org
|-
|Defcon 16
|Aug 08-10, Las Vegas, NV
|http://www.defcon.org
|-
|GMU 2008 International Training Symposium
|Aug 11-15, Fairfax, VA
|http://rcfg.org/
|-
|Digital Forensic Research Workshop
|Aug 11-13, Baltimore, MD
|http://www.dfrws.org
|-
|International Workshop on Digital Crime and Forensics in conjunction w/4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing
|Aug 15-17, Harbin, China
|http://www.dcs.warwick.ac.uk/~ctli/CFP_IWDCF2008.html
|-
|11th International Symposium on Recent Advances in Intrusion Detection
|Sep 15-17, Cambridge, MA
|http://www.ll.mit.edu/IST/RAID2008/
|-
|4th International Conference on IT Incident Management & IT Forensics
|Sep 23-25, Mannheim, Germany
|http://www.imf-conference.org/
|-
|VB2008 anti-malware conference
|Oct 01-03, Ottawa, Canada
|http://www.virusbtn.com/conference/vb2008/
|-
|ANZFSS - 19th International Symposium on the Forensic Sciences
|Oct 06-09, Melbourne, Australia
|http://www.anzfss2008.org.au/
|-
|13th European Symposium on Research in Computer Security
|Oct 06-08, Malaga, Spain
|http://www.isac.uma.es/esorics08/
|-
|Economic and High Tech Crime Summit 2008
|Oct 07-08, Memphis, TN
|http://summit.nw3c.org/
|-
|3rd International Annual Workshop on Digital Forensics & Incident Analysis
|Oct 09, Malaga, Spain
|http://www.icsd.aegean.gr/wdfia08/
|-
|2008 HTCIA International Training Conference
|Oct 22-28, Atlantic City, NJ
|http://www.htcia.org/conference.shtml
|-
|DeepSec 2008
|Nov 11-14, Vienna, Austria
|https://deepsec.net/
|-
|2009 DoD Cyber Crime Conference
|Jan 24-30, St. Louis, MO
|http://www.dodcybercrime.com/
|-
|5th Annual IFIP WG 11.9 International Conference on Digital Forensics
|Jan 25-28, Orlando, FL
|http://www.ifip119.org/Conferences/
|-
|American Academy of Forensic Sciences Annual Meeting
|Feb 16-21, Denver, CO
|http://www.aafs.org/default.asp?section_id=meetings&page_id=aafs_annual_meeting
|-
|}

== On-going / Continuous Training ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! Title
! Date/Location or Venue
! Website
|-
|Basic Computer Examiner Course - Computer Forensic Training Online
|Distance Learning Format
|http://www.cftco.com
|-
|Linux Data Forensics Training
|Distance Learning Format
|http://www.crazytrain.com/training.html
|-
|SANS On-Demand Training
|Distance Learning Format
|http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
|-
|MaresWare Suite Training
|First full week every month, Atlanta, GA
|http://www.maresware.com/maresware/training/maresware.htm
|-
|Evidence Recovery for Windows Vista&trade;
|First full week every month, Brunswick, GA
|http://www.internetcrimes.net
|-
|Evidence Recovery for Windows Server&reg; 2003 R2
|Second full week every month, Brunswick, GA
|http://www.internetcrimes.net
|-
|Evidence Recovery for the Windows XP&trade; operating system
|Third full week every month, Brunswick, GA
|http://www.internetcrimes.net
|-
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
|Third weekend of every month (Fri-Mon), Dallas, TX
|http://www.md5group.com
|-
|}

==[[Scheduled Training Courses]]==

= Plaso =

{{Infobox_Software |
  name = plaso |
  maintainer = [[Kristinn Gudjonsson]], [[Joachim Metz]] |
  os = [[Linux]], [[Mac OS X]], [[Windows]] |
  genre = {{Analysis}} |
  license = {{APL}} |
  website = [https://code.google.com/p/plaso/ code.google.com/p/plaso/] |
}}

Plaso (plaso langar að safna öllu, Icelandic for "plaso wants to collect everything") is the Python-based back-end engine used by tools such as log2timeline for the automatic creation of super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment, to produce a single correlated timeline. Such a timeline can then be analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Plaso is intended for creating super timelines but also supports creating [http://blog.kiddaland.net/2013/02/targeted-timelines-part-i.html targeted timelines].

The Plaso project site also provides [[4n6time]], formerly "l2t_Review", a cross-platform forensic tool for timeline creation and review by [[David Nides]].

== Supported Formats ==

=== Storage Media Image File Formats ===
Storage Media Image File Format support is provided by [[dfvfs]].

=== Volume System Formats ===
Volume System Format support is provided by [[dfvfs]].

=== File System Formats ===
File System Format support is provided by [[dfvfs]].

=== File formats ===
<b>TODO expand this list</b>

* Apple System Log (ASL)
* Basic Security Module (BSM)
* Bencode files
* [[Google Chrome|Chrome cache files]]
* [[Extensible Storage Engine (ESE) Database File (EDB) format]] using [[libesedb]]
* [[Internet Explorer History File Format]] (also known as MSIE 4 - 9 Cache Files or index.dat) using [[libmsiecf]]
* Java IDX
* [[OLE Compound File]] using [[libolecf]]
* OpenXML
* Pcap files
* [[Property list (plist)|Property list (plist) format]] using [[binplist]]
* SELinux audit logs
* SkyDrive log and error log files
* SQLite databases
* Symantec AV logs
* Syslog
* [[Windows Event Log (EVT)]] using [[libevt]]
* Windows Firewall
* Windows Job files (i.e. scheduled at jobs)
* Windows Prefetch files
* Windows Recycle bin (INFO2 and $I/$R)
* [[Windows NT Registry File (REGF)]] using [[libregf]]
* [[LNK|Windows Shortcut File (LNK) format]] using [[liblnk]]
* [[Windows XML Event Log (EVTX)]] using [[libevtx]]
* Xchat and Xchat scrollback files

=== Bencode file formats ===
* Transmission
* uTorrent

=== ESE database file formats ===
* Internet Explorer WebCache format

=== OLE Compound File formats ===
* Document summary information
* Summary information (top-level only)

=== Property list (plist) formats ===
* Airport
* Apple Account
* Bluetooth
* Install History
* iPod/iPhone
* Mac User
* Safari history
* Software Update
* Spotlight
* Spotlight Volume Information
* Timemachine

=== SQLite database file formats ===
* Android call logs
* Android SMS
* Chrome cookies
* [[Google Chrome|Chrome browsing and downloads history]]
* [[Mozilla Firefox|Firefox browsing and downloads history]]
* Google Drive
* Launch services quarantine events
* MacKeeper cache
* Mac OS X document versions
* Skype text conversations
* Zeitgeist activity

=== Windows Registry formats ===
<b>TODO expand this list</b>
* [[Windows Application Compatibility|AppCompatCache]]
* CCleaner
* MountPoints2
* MSIE Zone
* MSIE Zone Software

== History ==
Plaso is a Python-based rewrite of the Perl-based [[log2timeline]] initially created by [[Kristinn Gudjonsson]]. Plaso builds upon the [[SleuthKit]], [[libyal]], [[dfvfs]] and various other projects.

== See Also ==
* [[dfvfs]]
* [[log2timeline]]

== External Links ==
* [https://code.google.com/p/plaso/ Project site]
* [https://sites.google.com/a/kiddaland.net/plaso/home Project documentation]
* [http://blog.kiddaland.net/ Project blog]
* [https://sites.google.com/a/kiddaland.net/plaso/usage/4n6time 4n6time]

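As an added illustration (not plaso's or log2timeline's own code) of the super-timeline idea described on the Plaso page above: two artifacts from its supported-formats list, a Windows Recycle Bin $I record and syslog lines, are parsed into events with UTC timestamps and merged into one ordered timeline. The version-1 (Vista/7) $I layout, the syslog year and the logging host's UTC+2 clock are assumptions stated in the code; the sample inputs are constructed.

```python
# Added illustration of the plaso workflow, not plaso's own code.
import re
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
MONTHS = {m: i for i, m in enumerate("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
SYSLOG_RE = re.compile(r"^(\w{3}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\S+) (.*)$")

def filetime_to_datetime(filetime):
    """Windows FILETIME (100-ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)

def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime; used only to build the constructed sample."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def parse_recycle_bin_i(data):
    """Version-1 (Vista/7) $I record, assumed layout: 8-byte version, 8-byte
    original size, 8-byte FILETIME deletion time, then UTF-16-LE original path."""
    version, size, deleted = struct.unpack_from("<QQQ", data, 0)
    if version != 1:
        raise ValueError("unsupported $I version %d" % version)
    path = data[24:].decode("utf-16-le").split("\x00", 1)[0]
    return {"timestamp": filetime_to_datetime(deleted), "source": "RECBIN",
            "message": "Deleted %s (%d bytes)" % (path, size)}

def parse_syslog_line(line, year, tz=timezone.utc):
    """Syslog lines carry no year and no zone; both are analyst-supplied assumptions."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # unparseable line: skipped, never guessed
    mon, day, hh, mm, ss, host, msg = m.groups()
    local = datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss), tzinfo=tz)
    return {"timestamp": local.astimezone(timezone.utc), "source": "SYSLOG",
            "message": "%s: %s" % (host, msg)}

def build_timeline(events):
    """The super-timeline step: one list of events, ordered by normalised UTC time."""
    return sorted((e for e in events if e), key=lambda e: e["timestamp"])

# Constructed sample: a $I record for a file deleted at 2014-06-03 02:49:00 UTC,
# and two syslog lines from a host whose clock runs in UTC+2 (year 2014 assumed).
DELETED_AT = datetime(2014, 6, 3, 2, 49, 0, tzinfo=timezone.utc)
SAMPLE_I = (struct.pack("<QQQ", 1, 4096, datetime_to_filetime(DELETED_AT))
            + "C:\\Users\\analyst\\notes.txt".encode("utf-16-le") + b"\x00\x00")
SAMPLE_SYSLOG = ["Jun  3 04:50:10 web01 sshd[812]: Accepted publickey for alice from 10.0.0.5",
                 "Jun  3 04:40:00 web01 cron[77]: (root) CMD (run-parts /etc/cron.hourly)"]

def demo():
    events = [parse_recycle_bin_i(SAMPLE_I)]
    events += [parse_syslog_line(l, 2014, timezone(timedelta(hours=2))) for l in SAMPLE_SYSLOG]
    return build_timeline(events)  # cron (02:40Z), then RECBIN (02:49Z), then sshd (02:50Z)
```

Without the zone normalisation the $I deletion would sort before both syslog entries; with it, the cron run lands first, which is the kind of ordering error a super timeline exists to avoid.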
Revision as of 02:49, 3 June 2014