Difference between pages "Upcoming events" and "Plaso"

From ForensicsWiki

Compared revisions: "Upcoming events" (edit summary: Conferences: - Added DoD Cyber Crime 2008) and "Plaso" (edit summary: m (File formats)). The two pages are shown separately below.

= Upcoming events =

Here is a BY DATE listing of '''upcoming conferences and training events''' that pertain to [[digital forensics]]. Some of these duplicate the generic [[conferences]], but have specific dates/locations for the upcoming conference/training event.

<b> The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv</b>
<i> (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
<b> Any requests for additions, deletions or corrections to this list should be sent by email to David Baker <i>(bakerd AT mitre.org)</i>. </b>

== Calls For Papers ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! Title
! Due Date
! Website
|-
|International Conference on Incident Management and IT-Forensics
|May 14, 2007
|http://www.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2007/cfp_en.html
|-
|First Annual European DeepSec In-Depth Security Conference
|Jun 10, 2007
|http://deepsec.net/cfp/
|-
|DFRWS 2007 File Carving Challenge
|Jul 09, 2007
|http://www.dfrws.org/2007/challenge/submission.html
|-
|}

== Conferences ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! Title
! Date/Location
! Website
|-
|Computer and Enterprise Investigations Conference (CEIC)
|May 06-09, Las Vegas, NV
|http://www.ceic2007.com/
|-
|CONFidence 2007
|May 13-14, Cracow, Poland
|http://2007.confidence.org.pl/
|-
|22nd IFIP International Information Security Conference
|May 14-16, Sandton, South Africa
|http://www.sbs.co.za/ifipsec2007/
|-
|Texas Regional Infrastructure Security Conference (TRISC)
|May 15-17, Austin, TX
|http://www.trisc.org/
|-
|2007 Techno-Security Conference
|Jun 03-06, Myrtle Beach, SC
|http://www.techsec.com/html/Techno2007.html
|-
|Computer Security Institute NetSec '07
|Jun 11-13, Scottsdale, AZ
|http://www.gocsi.com/netsec/
|-
|2007 USENIX Annual Technical Conference
|Jun 17-22, Santa Clara, CA
|http://www.usenix.org/events/
|-
|Third Government Forum of Incident Response and Security Teams Conference
|Jun 25-29, Orlando, FL
|http://www.us-cert.gov/GFIRST/index.html
|-
|First International Workshop on Cyber-Fraud
|Jul 01-06, San Jose, CA
|http://www.iaria.org/conferences2007/CYBERFRAUD.html
|-
|Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2007
|Jul 12-13, Lucerne, Switzerland
|http://www.gi-ev.de/fachbereiche/sicherheit/fg/sidar/dimva/
|-
|16th USENIX Security Symposium
|Aug 06-10, Boston, MA
|http://www.usenix.org/events/
|-
|GMU 2007 Symposium
|Aug 06-10, George Mason University, Fairfax, VA
|http://www.rcfg.org
|-
|[[Digital Forensic Research Workshop|Digital Forensic Research Workshop 2007]]
|Aug 13-15, Pittsburgh, PA
|http://www.dfrws.org/2007/index.html
|-
|HTCIA 2007 International Training Conference & Exposition
|Aug 27-29, San Diego, CA
|http://www.htcia-sd.org/htcia2007.html
|-
|Recent Advances in Intrusion Detection (RAID) 2007
|Sep 05-07, Gold Coast, Queensland, Australia
|http://www.isi.qut.edu.au/events/conferences/raid07
|-
|14th International Conference on Image Analysis and Processing (ICIAP 2007)
|Sep 10-14, Modena, Italy
|http://www.iciap2007.org
|-
|3rd International Conference on IT-Incident Management & IT-Forensics
|Sep 11-12, Stuttgart, Germany
|http://www.imf-conference.org/
|-
|Black and White Ball
|Sep 25-28, London, UK
|http://www.theblackandwhiteball.co.uk/
|-
|Techno-Forensics Conference
|Oct 29-31, Rockville, MD
|http://www.techsec.com/html/TechnoForensics2007.html
|-
|DeepSec IDSC
|Nov 22-24, Vienna, Austria
|http://deepsec.net/
|-
|DoD Cyber Crime Conference 2008
|Jan 2008, St. Louis, MO
|http://www.dodcybercrime.com/
|-
|}

== On-going / Continuous Training ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! Title
! Date/Location or Venue
! Website
|-
|Basic Computer Examiner Course
|Computer Forensic Training Online
|http://www.cftco.com
|-
|MaresWare Suite Training
|First full week every month, Atlanta, GA
|http://www.maresware.com/maresware/training/maresware.htm
|-
|Linux Data Forensics Training
|Distance Learning Format
|http://www.crazytrain.com/training.html
|-
|}

== Scheduled Training Courses ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! Title
! Date/Location
! Website
! Limitation
|-
|SMART for Linux
|May 07-10, Austin, TX
|http://asrdata.com/training/training2.html
|-
|AccessData Internet Forensics
|May 08-10, Albuquerque, NM
|http://www.accessdata.com/training
|-
|EnCase v5 Advanced Computer Forensics
|May 08-11, Washington DC
|http://www.guidancesoftware.com/training/schedule.asp
|-
|SMART Windows Data Forensics
|May 14-16, Austin, TX
|http://asrdata.com/training/training2.html
|-
|EnCase v5 Intermediate Analysis and Reporting
|May 15-18, United Kingdom
|http://www.guidancesoftware.com/training/schedule.asp
|-
|Computer Network Investigations Training Program (CNITP)
|May 15-25, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|AccessData Internet Forensics
|May 22-24, Solna, Sweden
|http://www.accessdata.com/training
|-
|EnCase v5 Advanced Computer Forensics
|May 22-25, United Kingdom
|http://www.guidancesoftware.com/training/schedule.asp
|-
|SARC Steganography Examiner Training
|May 23-24, Orlando, FL (National Center for Forensic Science)
|http://www.sarc-wv.com/training.aspx
|-
|First Responder to Digital Evidence Program (FRDE)
|May 30-Jun 01, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|Computer Forensics First Responder
|May 31, Indianapolis, IN
|http://www.ifi-indy.org/ifi%20training/train.html
|-
|AccessData BootCamp
|May 31-Jun 02, Myrtle Beach, SC
|http://www.accessdata.com/training
|-
|AccessData Windows Forensics
|May 31-Jun 02, Myrtle Beach, SC
|http://www.accessdata.com/training
|-
|SMART for Linux
|Jun 04-07, Austin, TX
|http://asrdata.com/training/training2.html
|-
|AccessData BootCamp
|Jun 05-07, Albuquerque, NM
|http://www.accessdata.com/training
|-
|Advanced Data Forensics Topics
|Jun 11-13, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Digital Evidence Acquisition Specialist Training Program (DEASTP)
|Jun 11-22, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|Helix Live Forensics and Incident Response Course
|Jun 12-14, SEARCH - Sacramento, CA
|https://www.e-fense.com/register.php
|-
|AccessData Internet Forensics
|Jun 12-14, Boise, ID
|http://www.accessdata.com/training
|-
|AccessData Windows Forensics
|Jun 19-21, Dallas, TX
|http://www.accessdata.com/training
|-
|SMART for Linux
|Jul 09-12, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Cyber Counterterrorism Investigations Training Program (CCITP)
|Jul 09-13, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|SMART Windows Data Forensics
|Jul 16-18, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Seized Computer Evidence Recovery Specialist (SCERS)
|Jul 16-27, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|AccessData BootCamp
|Jul 17-19, Boise, ID
|http://www.accessdata.com/training
|-
|AccessData Windows Forensics
|Jul 24-26, Albuquerque, NM
|http://www.accessdata.com/training
|-
|Network Forensics and Investigations Workshop
|Jul 25-27, Washington, DC
|http://www.strozllc.com/trainingcenter/
|-
|First Responder to Digital Evidence Program (FRDE)
|Jul 31-Aug 02, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|SMART for Linux
|Aug 06-09, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Computer Network Investigations Training Program (CNITP)
|Aug 14-24, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|SMART Linux Data Forensics
|Aug 13-15, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Network Forensics and Investigations Workshop
|Aug 13-15, Los Angeles, CA
|http://www.strozllc.com/trainingcenter/
|-
|Macintosh Forensic Survival Course
|Aug 13-17, Fredericksburg, VA
|http://www.phoenixdatagroup.com/cart/index.php
|-
|AccessData Internet Forensics
|Aug 14-16, Austin, TX
|http://www.accessdata.com/training
|-
|Helix Live Forensics and Incident Response Course
|Aug 28-30, Tennessee Bureau of Investigations - Nashville, TN
|https://www.e-fense.com/register.php
|-
|SMART for Linux
|Sep 03-06, Austin, TX
|http://asrdata.com/training/training2.html
|-
|First Responder to Digital Evidence Program (FRDE)
|Sep 11-13, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|AccessData Applied Decryption
|Sep 11-13, Dallas, TX
|http://www.accessdata.com/training
|-
|Enterprise Data Forensics
|Sep 17-19, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Macintosh Forensic Survival Course
|Sep 24-28, Santa Ana, CA
|http://www.phoenixdatagroup.com/cart/index.php
|-
|AccessData Applied Decryption
|Sep 25-27, Chicago, IL
|http://www.accessdata.com/training
|-
|AccessData BootCamp
|Sep 25-27, Solna, SE
|http://www.accessdata.com/training
|-
|SMART for Linux
|Oct 01-04, Austin, TX
|http://asrdata.com/training/training2.html
|-
|SMART Windows Data Forensics
|Oct 08-10, Austin, TX
|http://asrdata.com/training/training2.html
|-
|SMART for Linux
|Nov 05-08, Austin, TX
|http://asrdata.com/training/training2.html
|-
|AccessData BootCamp
|Nov 06-08, Austin, TX
|http://www.accessdata.com/training
|-
|AccessData Windows Forensics
|Nov 06-08, Solna, Sweden
|http://www.accessdata.com/training
|-
|SMART Linux Data Forensics
|Nov 12-14, Austin, TX
|http://asrdata.com/training/training2.html
|-
|SMART for Linux
|Dec 03-06, Austin, TX
|http://asrdata.com/training/training2.html
|-
|AccessData Internet Forensics
|Dec 04-06, Solna, Sweden
|http://www.accessdata.com/training
|-
|Enterprise Data Forensics
|Dec 10-12, Austin, TX
|http://asrdata.com/training/training2.html
|-
|}

= Plaso =

{{Infobox_Software |
  name = plaso |
  maintainer = [[Kristinn Gudjonsson]], [[Joachim Metz]] |
  os = [[Linux]], [[Mac OS X]], [[Windows]] |
  genre = {{Analysis}} |
  license = {{APL}} |
  website = [https://code.google.com/p/plaso/ code.google.com/p/plaso/] |
}}

Plaso (plaso langar að safna öllu, Icelandic for "plaso wants to collect everything") is the Python-based back-end engine used by tools such as log2timeline for the automatic creation of super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment, to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Plaso is intended for creating super timelines but also supports creating [http://blog.kiddaland.net/2013/02/targeted-timelines-part-i.html targeted timelines].

The Plaso project site also provides [[4n6time]], formerly "l2t_Review", which is a cross-platform forensic tool for timeline creation and review by [[David Nides]].

== Supported Formats ==

=== Storage Media Image File Formats ===

Storage Media Image File Format support is provided by [[dfvfs]].

=== Volume System Formats ===

Volume System Format support is provided by [[dfvfs]].

=== File System Formats ===

File System Format support is provided by [[dfvfs]].

=== File formats ===

<b>TODO expand this list</b>

* Apple System Log (ASL)
* Basic Security Module (BSM)
* Bencode files
* [[Google Chrome|Chrome cache files]]
* [[Property list (plist)|Binary property list (plist) format]] using [[binplist]]
* [[Extensible Storage Engine (ESE) Database File (EDB) format]] using [[libesedb]]
* [[Internet Explorer History File Format]] (also known as MSIE 4 - 9 Cache Files or index.dat) using [[libmsiecf]]
* [[OLE Compound File]] using [[libolecf]]
* SQLite databases
* Syslog
* [[Windows Event Log (EVT)]] using [[libevt]]
* [[Windows NT Registry File (REGF)]] using [[libregf]]
* [[LNK|Windows Shortcut File (LNK) format]] using [[liblnk]]
* [[Windows XML Event Log (EVTX)]] using [[libevtx]]

=== Bencode file formats ===

* Transmission
* uTorrent

=== ESE database file formats ===

<b>TODO expand this list</b>

=== OLE Compound File formats ===

<b>TODO expand this list</b>

=== SQLite database file formats ===

<b>TODO expand this list</b>

=== Windows Registry formats ===

<b>TODO expand this list</b>

== History ==

Plaso is a Python-based rewrite of the Perl-based [[log2timeline]] initially created by [[Kristinn Gudjonsson]]. Plaso builds upon the [[SleuthKit]], [[libyal]] and other projects.

== See Also ==

* [[dfvfs]]
* [[log2timeline]]

== External Links ==

* [https://code.google.com/p/plaso/ Project site]
* [https://sites.google.com/a/kiddaland.net/plaso/home Project documentation]
* [http://blog.kiddaland.net/ Project blog]
* [https://sites.google.com/a/kiddaland.net/plaso/usage/4n6time 4n6time]

Revision as of 02:26, 3 June 2014
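The correlation step the Plaso introduction above describes (many artifact sources with different timestamp conventions, one time-ordered timeline) as an added Python example. This is not plaso's or log2timeline's own code, and plaso's real parsers and output formats differ; it assumes three constructed sample sources: a syslog fragment from a hypothetical host "ws01", a Windows registry key last-written FILETIME, and a POSIX "added_on" value of the kind found in a bencoded torrent-client resume file. The year and UTC offset passed to the syslog parser are analyst assumptions, because classic syslog lines record neither, which is the usual source of ordering errors in a super timeline.

```python
"""Added example (not plaso's own code): normalise events from heterogeneous
forensic sources into one correlated, UTC-ordered timeline.
All sample inputs below are constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import re


@dataclass(frozen=True)
class Event:
    timestamp: datetime   # always timezone-aware, normalised to UTC
    source: str           # artifact type / parser that produced the event
    description: str


# Windows FILETIME: 100-nanosecond intervals since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime: int) -> datetime:
    """Convert a FILETIME (e.g. a registry key's last-written time) to UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def epoch_to_datetime(seconds: int) -> datetime:
    """Convert a POSIX timestamp (e.g. 'added_on' in a resume file) to UTC."""
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


# Traditional syslog lines carry no year and no time zone; both must be
# supplied by the analyst from context (host configuration, log rotation).
SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$")


def parse_syslog_line(line: str, year: int, utc_offset_hours: int):
    """Parse one syslog line into an Event, or return None if it does not match."""
    match = SYSLOG_RE.match(line)
    if match is None:
        return None
    naive = datetime.strptime(
        f"{year} {match['mon']} {match['day']} {match['time']}", "%Y %b %d %H:%M:%S")
    local = naive.replace(tzinfo=timezone(timedelta(hours=utc_offset_hours)))
    return Event(local.astimezone(timezone.utc), "syslog",
                 f"{match['host']} {match['msg']}")


def build_timeline(events):
    """Merge events from all sources into one deterministic, time-ordered list."""
    return sorted(events, key=lambda e: (e.timestamp, e.source, e.description))


def render(events):
    """One row per event, ISO 8601 UTC first so rows sort and grep cleanly."""
    return [f"{e.timestamp.strftime('%Y-%m-%dT%H:%M:%SZ')} | {e.source} | {e.description}"
            for e in events]


# Constructed sample artifacts from a hypothetical workstation "ws01" in UTC+2.
SYSLOG_LINES = [
    "Jun  2 10:15:07 ws01 sshd[1443]: Accepted publickey for alice from 10.0.0.5 port 51222 ssh2",
    "-- this line is not syslog and must be skipped, not abort the run --",
    "Jun  2 10:21:30 ws01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart sshd",
]
REGISTRY_KEYS = [  # (key path, last-written FILETIME); constructed value
    ("HKCU\\Software\\ExampleVendor\\ExampleApp", 130461708000000000),
]
BENCODE_RESUME = [  # (torrent name, POSIX 'added_on'); constructed value
    ("example-iso.torrent", 1401696600),
]


def demo():
    """Parse every constructed source and return the rendered super timeline."""
    events = []
    for line in SYSLOG_LINES:
        event = parse_syslog_line(line, year=2014, utc_offset_hours=2)
        if event is not None:
            events.append(event)
    for key, filetime in REGISTRY_KEYS:
        events.append(Event(filetime_to_datetime(filetime), "winreg", f"last written: {key}"))
    for name, added in BENCODE_RESUME:
        events.append(Event(epoch_to_datetime(added), "bencode", f"added: {name}"))
    return render(build_timeline(events))


if __name__ == "__main__":
    print("\n".join(demo()))
```

Running the block prints four rows in UTC order: the bencode event at 08:10:00, the SSH login at 08:15:07 (10:15:07 local minus the assumed two-hour offset), the registry key at 08:20:00 and the sudo event at 08:21:30. Skipping the year or the offset for the syslog host would silently move those two events to the wrong year or two hours later, which is why every parser here returns a timezone-aware UTC value before anything is sorted.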
