Difference between pages "Upcoming events" and "Plaso"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Conferences)
 
m (File formats)
 
Line 1: Line 1:
Here is a BY DATE listing of '''upcoming conferences and training events''' that pertain to [[digital forensics]]. Some of these duplicate the generic [[conferences]], but have specific dates/locations for the upcoming conference/training event.
+
{{Infobox_Software |
 +
  name = plaso |
 +
  maintainer = [[Kristinn Gudjonsson]], [[Joachim Metz]] |
 +
  os = [[Linux]], [[Mac OS X]], [[Windows]] |
 +
  genre = {{Analysis}} |
 +
  license = {{APL}} |
 +
  website = [https://code.google.com/p/plaso/ code.google.com/p/plaso/] |
 +
}}
  
<b> The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv</b>
+
Plaso (plaso langar að safna öllu) is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Plaso is intended to be applied for creating super timelines but also supports creating [http://blog.kiddaland.net/2013/02/targeted-timelines-part-i.html targeted timelines].
<i> (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
+
<b> Any requests for additions, deletions or corrections to this list should be sent by email to David Baker <i>(bakerd AT mitre.org)</i>. </b>
+
  
== Calls For Papers ==
+
The Plaso project site also provides [[4n6time]], formerly "l2t_Review", which is a cross-platform forensic tool for timeline creation and review by [[David Nides]].
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! Title
+
! Due Date
+
! Website
+
|-
+
|First Annual European DeepSec In-Depth Security Conference
+
|Jun 10, 2007
+
|http://deepsec.net/cfp/
+
|-
+
|DFRWS 2007 File Carving Challenge
+
|Jul 09, 2007
+
|http://www.dfrws.org/2007/challenge/submission.html
+
|-
+
|}
+
  
== Conferences ==
+
== Supported Formats ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! Title
+
! Date/Location
+
! Website
+
|-
+
|2007 Techno-Security Conference
+
|Jun 03-06, Myrtle Beach, SC
+
|http://www.techsec.com/html/Techno2007.html
+
|-
+
|Computer Security Institute NetSec '07
+
|Jun 11-13, Scottsdale, AZ
+
|http://www.gocsi.com/netsec/
+
|-
+
|2007 USENIX Annual Technical Conference
+
|Jun 17-22, Santa Clara, CA
+
|http://www.usenix.org/events/
+
|-
+
|Third Government Forum of Incident Response and Security Teams Conference
+
|Jun 25-29, Orlando, FL
+
|http://www.us-cert.gov/GFIRST/index.html
+
|-
+
|First International Workshop on Cyber-Fraud
+
|Jul 01-06, San Jose, CA
+
|http://www.iaria.org/conferences2007/CYBERFRAUD.html
+
|-
+
|Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2007
+
|Jul 12-13, Lucerne, Switzerland
+
|http://www.gi-ev.de/fachbereiche/sicherheit/fg/sidar/dimva/
+
|-
+
|BlackHat Briefings
+
|Jul 28-Aug 02, Las Vegas, NV
+
|http://www.blackhat.com/html/bh-link/briefings.html
+
|-
+
|DefCon
+
|Aug 03-05, Las Vegas, NV
+
|http://www.defcon.org/
+
|-
+
|16th USENIX Security Symposium
+
|Aug 06-10, Boston, MA
+
|http://www.usenix.org/events/
+
|-
+
|GMU 2007 Symposium
+
|Aug 06-10, George Mason University, Fairfax, VA
+
|http://www.rcfg.org
+
|-
+
|[[Digital Forensic Research Workshop|Digital Forensic Research Workshop 2007]]
+
|Aug 13-15, Pittsburgh, PA
+
|http://www.dfrws.org/2007/index.html
+
|-
+
|HTCIA 2007 International Training Conference & Exposition
+
|Aug 27-29, San Diego, CA
+
|http://www.htcia-sd.org/htcia2007.html
+
|-
+
|Recent Advances in Intrusion Detection (RAID) 2007
+
|Sep 05-07, Gold Coast, Queensland, Australia
+
|http://www.isi.qut.edu.au/events/conferences/raid07
+
|-
+
|14th International Conference on Image Analysis and Processing (ICIAP 2007)
+
|Sep 10-14, Modena, Italy
+
|http://www.iciap2007.org
+
|-
+
|3rd International Conference on IT-Incident Management & IT-Forensics
+
|Sep 11-12, Stuttgart, Germany
+
|http://www.imf-conference.org/
+
|-
+
|Black and White Ball
+
|Sep 25-28, London, UK
+
|http://www.theblackandwhiteball.co.uk/
+
|-
+
|BlackHat Japan - Briefings
+
|Oct 23-26, Tokyo, Japan
+
|http://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
+
|-
+
|Techno-Forensics Conference
+
|Oct 29 - 31, Rockville, MD
+
|http://www.techsec.com/html/TechnoForensics2007.html
+
|-
+
|DeepSec IDSC
+
|Nov 22-24, Vienna, Austria
+
|http://deepsec.net/
+
|-
+
|DoD Cyber Crime Conference 2008
+
|Jan 13-18 2008, St. Louis, MO
+
|http://www.dodcybercrime.com/
+
|-
+
|AAFS Annual Meeting
+
|Feb 18-23 2008, Washington, DC
+
|http://aafs.org/default.asp?section_id=meetings&page_id=aafs_annual_meeting
+
|}
+
  
== On-going / Continuous Training ==
+
=== Storage Media Image File Formats ===
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
Storage Medis Image File Format support is provided by [[dfvfs]].
|- style="background:#bfbfbf; font-weight: bold"
+
! Title
+
! Date/Location or Venue
+
! Website
+
|-
+
|Basic Computer Examiner Course
+
|Computer Forensic Training Online
+
|http://www.cftco.com
+
|-
+
|MaresWare Suite Training
+
|First full week every month, Atlanta, GA
+
|http://www.maresware.com/maresware/training/maresware.htm
+
|-
+
|Linux Data Forensics Training
+
|Distance Learning Format
+
|http://www.crazytrain.com/training.html
+
|-
+
|}
+
  
== Scheduled Training Courses ==
+
=== Volume System Formats ===
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
Volume System Format support is provided by [[dfvfs]].
|- style="background:#bfbfbf; font-weight: bold"
+
 
! Title
+
=== File System Formats ===
! Date/Location
+
File System Format support is provided by [[dfvfs]].
! Website
+
 
! Limitation
+
=== File formats ===
|-
+
<b>TODO expand this list</b>
|Computer Network Investigations Training Program (CNITP)
+
 
|May 15-25, FLETC, Glynco, GA
+
* Apple System Log (ASL)
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
* Basic Security Module (BSM)
|Limited to Law Enforcement
+
* Bencode files
|-
+
* [[Google Chrome|Chrome cache files]]
|AccessData Internet Forensics
+
* [[Property list (plist)|Binary property list (plist) format]] using [[binplist]]
|May 22-24 , Solna, Sweden
+
* [[Extensible Storage Engine (ESE) Database File (EDB) format]]using [[libesedb]]
|http://www.accessdata.com/training
+
* [[Internet Explorer History File Format]] (also known as MSIE 4 - 9 Cache Files or index.dat) using [[libmsiecf]]
|-
+
* [[OLE Compound File]] using [[libolecf]]
|EnCase v5 Advanced Computer Forensics
+
* SQLite databases
|May 22-25, United Kingdom
+
* Syslog
|http://www.guidancesoftware.com/training/schedule.asp
+
* [[Windows Event Log (EVT)]] using [[libevt]]
|-
+
* [[Windows NT Registry File (REGF)]] using [[libregf]]
|SARC Steganography Examiner Training
+
* [[LNK|Windows Shortcut File (LNK) format]] using [[liblnk]]
|May 23 - 24, Orlando, FL (National Center for Forensic Science)
+
* [[Windows XML Event Log (EVTX)]] using [[libevtx]]
|http://www.sarc-wv.com/training.aspx
+
 
|-
+
=== Bencode file formats ===
|First Responder to Digital Evidence Program (FRDE)
+
* Transmission
|May 30-Jun 01, FLETC, Glynco, GA
+
* uTorrent
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
 
|Limited to Law Enforcement
+
=== ESE database file formats ===
|-
+
<b>TODO expand this list</b>
|Computer Forensics First Responder
+
 
|May 31, Indianapolis, IN
+
=== OLE Compound File formats ===
|http://www.ifi-indy.org/ifi%20training/train.html
+
<b>TODO expand this list</b>
|-
+
 
|AccessData BootCamp
+
=== SQLite database file formats ===
|May 31-Jun 02, Myrtle Beach, SC
+
<b>TODO expand this list</b>
|http://www.accessdata.com/training
+
 
|-
+
=== Windows Registry formats ===
|AccessData Windows Forensics
+
<b>TODO expand this list</b>
|May 31-Jun 02, Myrtle Beach, SC
+
 
|http://www.accessdata.com/training
+
== History ==
|-
+
Plaso is a Python-based rewrite of the Perl-based [[log2timeline]] initially created by [[Kristinn Gudjonsson]]. Plaso builds upon the [[SleuthKit]], [[libyal]] and other projects.
|SMART for Linux
+
 
|Jun 04-07, Austin, TX
+
== See Also ==
|http://asrdata.com/training/training2.html
+
* [[dfvfs]]
|-
+
* [[log2timeline]]
|AccessData BootCamp
+
 
|Jun 05-07, Albuquerque, NM
+
== External Links ==
|http://www.accessdata.com/training
+
* [https://code.google.com/p/plaso/ Project site]
|-
+
* [https://sites.google.com/a/kiddaland.net/plaso/home Project documentation]
|Advanced Data Forensics Topics
+
* [http://blog.kiddaland.net/ Project blog]
|Jun 11-13, Austin, TX
+
* [https://sites.google.com/a/kiddaland.net/plaso/usage/4n6time 4n6time]
|http://asrdata.com/training/training2.html
+
|-
+
|Digital Evidence Acquisition Specialist Training Program (DEASTP)
+
|Jun 11-22, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|Helix Live Forensics and Incident Response Course
+
|Jun 12-14, SEARCH - Sacramento, CA
+
|https://www.e-fense.com/register.php
+
|-
+
|AccessData Internet Forensics
+
|Jun 12-14 , Boise, ID
+
|http://www.accessdata.com/training
+
|-
+
|AccessData Windows Forensics
+
|Jun 19-21, Dallas, TX
+
|http://www.accessdata.com/training
+
|-
+
|SMART for Linux
+
|Jul 09-12, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Cyber Counterterrorism Investigations Training Program (CCITP)
+
|Jul 09-13, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|SMART Windows Data Forensics
+
|Jul 16-18, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Seized Computer Evidence Recovery Specialist (SCERS)
+
|Jul 16-27, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|AccessData BootCamp
+
|Jul 17-19, Boise, ID
+
|http://www.accessdata.com/training
+
|-
+
|AccessData Windows Forensics
+
|Jul 24-26, Albuquerque, NM
+
|http://www.accessdata.com/training
+
|-
+
|Network Forensics and Investigations Workshop
+
|Jul 25-27, Washington, DC
+
|http://www.strozllc.com/trainingcenter/
+
|-
+
|First Responder to Digital Evidence Program (FRDE)
+
|Jul 31-Aug 02, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|SMART for Linux
+
|Aug 06-09, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Computer Network Investigations Training Program (CNITP)
+
|Aug 14-24, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|SMART Linux Data Forensics
+
|Aug 13-15, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Network Forensics and Investigations Workshop
+
|Aug 13-15, Los Angeles, CA
+
|http://www.strozllc.com/trainingcenter/
+
|-
+
|Macintosh Forensic Survival Course
+
|Aug 13-17, Fredricksburg, VA
+
|http://www.phoenixdatagroup.com/cart/index.php
+
|-
+
|AccessData Internet Forensics
+
|Aug 14-16 , Austin, TX
+
|http://www.accessdata.com/training
+
|-
+
|Helix Live Forensics and Incident Response Course
+
|Aug 28-30, Tennessee Bureau of Investigations - Nashville, TN
+
|https://www.e-fense.com/register.php
+
|-
+
|SMART for Linux
+
|Sep 03-06, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|First Responder to Digital Evidence Program (FRDE)
+
|Sep 11-13, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|AccessData Applied Decryption
+
|Sep 11-13, Dallas, TX
+
|http://www.accessdata.com/training
+
|-
+
|Enterprise Data Forensics
+
|Sep 17-19, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Macintosh Forensic Survival Course
+
|Sep 24-28, Santa Ana, CA
+
|http://www.phoenixdatagroup.com/cart/index.php
+
|-
+
|AccessData Applied Decryption
+
|Sep 25-27, Chicago, IL
+
|http://www.accessdata.com/training
+
|-
+
|AccessData BootCamp
+
|Sep 25-27, Solna, SE
+
|http://www.accessdata.com/training
+
|-
+
|SMART for Linux
+
|Oct 01-04, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|SMART Windows Data Forensics
+
|Oct 08-10, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|SMART for Linux
+
|Nov 05-08, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|AccessData BootCamp
+
|Nov 06-08, Austin, TX
+
|http://www.accessdata.com/training
+
|-
+
|AccessData Windows Forensics
+
|Nov 06-08, Solna, Sweden
+
|http://www.accessdata.com/training
+
|-
+
|SMART Linux Data Forensics
+
|Nov 12-14, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|SMART for Linux
+
|Dec 03-06, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|AccessData Internet Forensics
+
|Dec 04-06 , Solna, Sweden
+
|http://www.accessdata.com/training
+
|-
+
|Enterprise Data Forensics
+
|Dec 10-12, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|}
+

Revision as of 02:26, 3 June 2014

plaso
Maintainer: Kristinn Gudjonsson, Joachim Metz
OS: Linux, Mac OS X, Windows
Genre: Analysis
License: APL
Website: code.google.com/p/plaso/

Plaso (plaso langar að safna öllu) is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Plaso is intended to be applied for creating super timelines but also supports creating targeted timelines.

The Plaso project site also provides 4n6time, formerly "l2t_Review", which is a cross-platform forensic tool for timeline creation and review by David Nides.

Supported Formats

Storage Media Image File Formats

Storage Medis Image File Format support is provided by dfvfs.

Volume System Formats

Volume System Format support is provided by dfvfs.

File System Formats

File System Format support is provided by dfvfs.

File formats

TODO expand this list

Bencode file formats

  • Transmission
  • uTorrent

ESE database file formats

TODO expand this list

OLE Compound File formats

TODO expand this list

SQLite database file formats

TODO expand this list

Windows Registry formats

TODO expand this list

History

Plaso is a Python-based rewrite of the Perl-based log2timeline initially created by Kristinn Gudjonsson. Plaso builds upon the SleuthKit, libyal and other projects.

See Also

External Links