Difference between pages "Plaso" and "NetBSD"

From ForensicsWiki
(Difference between pages)
(Property list (plist) formats)
 
 
Line 1: Line 1:
{{Infobox_Software |
+
{{expand}}
  name = plaso |
+
  maintainer = [[Kristinn Gudjonsson]], [[Joachim Metz]] |
+
  os = [[Linux]], [[Mac OS X]], [[Windows]] |
+
  genre = {{Analysis}} |
+
  license = {{APL}} |
+
  website = [https://code.google.com/p/plaso/ code.google.com/p/plaso/] |
+
}}
+
  
Plaso (plaso langar að safna öllu) is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Plaso is intended to be applied for creating super timelines but also supports creating [http://blog.kiddaland.net/2013/02/targeted-timelines-part-i.html targeted timelines].
+
'''NetBSD''' is an open source [[Unix]]-like [[operating system]] derived from the original University of California Berkeley's 4.3BSD release via the Networking/2 and 386BSD releases. It is available on many platforms.
  
The Plaso project site also provides [[4n6time]], formerly "l2t_Review", which is a cross-platform forensic tool for timeline creation and review by [[David Nides]].
+
== External Links ==
  
== Supported Formats ==
+
* [http://www.netbsd.org/ Official website]
 +
* [http://en.wikipedia.org/wiki/NetBSD Wikipedia: NetBSD]
  
=== Storage Media Image File Formats ===
+
[[Category:Operating systems]]
Storage Medis Image File Format support is provided by [[dfvfs]].
+
 
+
=== Volume System Formats ===
+
Volume System Format support is provided by [[dfvfs]].
+
 
+
=== File System Formats ===
+
File System Format support is provided by [[dfvfs]].
+
 
+
=== File formats ===
+
<b>TODO expand this list</b>
+
 
+
* Apple System Log (ASL)
+
* Basic Security Module (BSM)
+
* Bencode files
+
* [[Google Chrome|Chrome cache files]]
+
* [[Extensible Storage Engine (ESE) Database File (EDB) format]] using [[libesedb]]
+
* [[Internet Explorer History File Format]] (also known as MSIE 4 - 9 Cache Files or index.dat) using [[libmsiecf]]
+
* [[OLE Compound File]] using [[libolecf]]
+
* [[Property list (plist)|Property list (plist) format]] using [[binplist]]
+
* SQLite databases
+
* Syslog
+
* [[Windows Event Log (EVT)]] using [[libevt]]
+
* [[Windows NT Registry File (REGF)]] using [[libregf]]
+
* [[LNK|Windows Shortcut File (LNK) format]] using [[liblnk]]
+
* [[Windows XML Event Log (EVTX)]] using [[libevtx]]
+
 
+
=== Bencode file formats ===
+
* Transmission
+
* uTorrent
+
 
+
=== ESE database file formats ===
+
* Internet Explorer WebCache format
+
 
+
=== OLE Compound File formats ===
+
* Document summary information
+
* Summary information (top-level only)
+
 
+
=== Property list (plist) formats ===
+
<b>TODO expand this list</b>
+
* Airport
+
* Apple Account
+
* iPod/iPhone
+
* Install History
+
* Mac User
+
* Software Update
+
* Spotlight
+
* Spotlight Volume Information
+
* Timemachine
+
 
+
=== SQLite database file formats ===
+
* Android call logs
+
* Android SMS
+
* Chrome cookies
+
* Chrome browsing and downloads history
+
* Firefox browsing and downloads history
+
* Google Drive
+
* Launch services quarantine events
+
* MacKeeper
+
* Mac OS X document versions
+
* Skype
+
* Zeitgeist activity
+
 
+
=== Windows Registry formats ===
+
<b>TODO expand this list</b>
+
* AppCompatCache
+
* CCleaner
+
* MountPoints2
+
* MSIE Zone
+
* MSIE Zone Software
+
 
+
== History ==
+
Plaso is a Python-based rewrite of the Perl-based [[log2timeline]] initially created by [[Kristinn Gudjonsson]]. Plaso builds upon the [[SleuthKit]], [[libyal]] and other projects.
+
 
+
== See Also ==
+
* [[dfvfs]]
+
* [[log2timeline]]
+
 
+
== External Links ==
+
* [https://code.google.com/p/plaso/ Project site]
+
* [https://sites.google.com/a/kiddaland.net/plaso/home Project documentation]
+
* [http://blog.kiddaland.net/ Project blog]
+
* [https://sites.google.com/a/kiddaland.net/plaso/usage/4n6time 4n6time]
+
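Review bot: on the Plaso side of this comparison, the line under "Storage Media Image File Formats" reads "Storage Medis Image File Format support", which misspells "Media"; the neighbouring "Volume System Format" and "File System Format" lines show the intended wording. In the Plaso introduction, "automatic creation of a super timelines" mixes singular and plural and should read "automatic creation of super timelines".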

Latest revision as of 05:24, 30 June 2014


Please help to improve this article by expanding it.
Further information might be found on the discussion page.

NetBSD is an open source Unix-like operating system derived from the original University of California Berkeley's 4.3BSD release via the Networking/2 and 386BSD releases. It is available on many platforms.

External Links