Difference between pages "Upcoming events" and "Plaso"

From ForensicsWiki

Upcoming events

Here is a BY DATE listing of '''upcoming conferences and training events''' that pertain to [[digital forensics]]. Some of these duplicate the generic [[conferences]], but have specific dates/locations for the upcoming conference/training event.

<b> The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv</b>
<i> (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
<b> Any requests for additions, deletions or corrections to this list should be sent by email to David Baker <i>(bakerd AT mitre.org)</i>. </b>

== Calls For Papers ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! Title
! Due Date
! Website
|-
|DFRWS 2007 File Carving Challenge
|Jul 09, 2007
|http://www.dfrws.org/2007/challenge/submission.html
|-
|American Academy of Forensic Sciences 2008 Annual Meeting
|Aug 01, 2007
|http://www.aafs.org/abstracts/your_online_presentation_submiss.htm
|-
|Digital Forensic Forum Prague 2007
|Aug 31, 2007
|http://www.dff-prague.com/News/article/sid=17.html
|}

== Conferences ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! Title
! Date/Location
! Website
|-
|Computer Security Institute NetSec '07
|Jun 11-13, Scottsdale, AZ
|http://www.gocsi.com/netsec/
|-
|2007 USENIX Annual Technical Conference
|Jun 17-22, Santa Clara, CA
|http://www.usenix.org/events/
|-
|Third Government Forum of Incident Response and Security Teams Conference
|Jun 25-29, Orlando, FL
|http://www.us-cert.gov/GFIRST/index.html
|-
|First International Workshop on Cyber-Fraud
|Jul 01-06, San Jose, CA
|http://www.iaria.org/conferences2007/CYBERFRAUD.html
|-
|Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2007
|Jul 12-13, Lucerne, Switzerland
|http://www.gi-ev.de/fachbereiche/sicherheit/fg/sidar/dimva/
|-
|BlackHat Briefings
|Jul 28-Aug 02, Las Vegas, NV
|http://www.blackhat.com/html/bh-link/briefings.html
|-
|DefCon
|Aug 03-05, Las Vegas, NV
|http://www.defcon.org/
|-
|16th USENIX Security Symposium
|Aug 06-10, Boston, MA
|http://www.usenix.org/events/
|-
|GMU 2007 Symposium
|Aug 06-10, George Mason University, Fairfax, VA
|http://www.rcfg.org
|-
|[[Digital Forensic Research Workshop|Digital Forensic Research Workshop 2007]]
|Aug 13-15, Pittsburgh, PA
|http://www.dfrws.org/2007/index.html
|-
|HTCIA 2007 International Training Conference & Exposition
|Aug 27-29, San Diego, CA
|http://www.htcia-sd.org/htcia2007.html
|-
|Recent Advances in Intrusion Detection (RAID) 2007
|Sep 05-07, Gold Coast, Queensland, Australia
|http://www.isi.qut.edu.au/events/conferences/raid07
|-
|14th International Conference on Image Analysis and Processing (ICIAP 2007)
|Sep 10-14, Modena, Italy
|http://www.iciap2007.org
|-
|3rd International Conference on IT-Incident Management & IT-Forensics
|Sep 11-12, Stuttgart, Germany
|http://www.imf-conference.org/
|-
|Black and White Ball
|Sep 25-28, London, UK
|http://www.theblackandwhiteball.co.uk/
|-
|Wisconsin Association of Computer Crimes Investigators/Forensic Association of Computer Technologists
|Sep 26-28, Milwaukee, WI
|http://www.byteoutofcrime.org
|-
|BlackHat Japan - Briefings
|Oct 23-26, Tokyo, Japan
|http://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
|-
|Techno-Forensics Conference
|Oct 29 - 31, Rockville, MD
|http://www.techsec.com/html/TechnoForensics2007.html
|-
|DeepSec IDSC
|Nov 22-24, Vienna, Austria
|http://deepsec.net/
|-
|Digital Forensic Forum Prague 2007
|Nov 26-27, Prague, Czech Republic
|http://www.dff-prague.com/
|-
|DoD Cyber Crime Conference 2008
|Jan 13-18 2008, St. Louis, MO
|http://www.dodcybercrime.com/
|-
|AAFS Annual Meeting
|Feb 18-23 2008, Washington, DC
|http://aafs.org/default.asp?section_id=meetings&page_id=aafs_annual_meeting
|}

== On-going / Continuous Training ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! Title
! Date/Location or Venue
! Website
|-
|Basic Computer Examiner Course
|Computer Forensic Training Online
|http://www.cftco.com
|-
|MaresWare Suite Training
|First full week every month, Atlanta, GA
|http://www.maresware.com/maresware/training/maresware.htm
|-
|Linux Data Forensics Training
|Distance Learning Format
|http://www.crazytrain.com/training.html
|-
|Evidence Recovery for Windows Vista&trade;
|First full week every month, Brunswick, GA
|http://www.internetcrimes.net
|-
|Evidence Recovery for Windows Server&reg; 2003 R2
|Second full week every month, Brunswick, GA
|http://www.internetcrimes.net
|-
|Evidence Recovery for the Windows XP&trade; operating system
|Third full week every month, Brunswick, GA
|http://www.internetcrimes.net
|}

== Scheduled Training Courses ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! Title
! Date/Location
! Website
! Limitation
|-
|SMART for Linux
|Jun 04-07, Austin, TX
|http://asrdata.com/training/training2.html
|-
|AccessData BootCamp
|Jun 05-07, Albuquerque, NM
|http://www.accessdata.com/training
|-
|Advanced Data Forensics Topics
|Jun 11-13, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Digital Evidence Acquisition Specialist Training Program (DEASTP)
|Jun 11-22, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|AccessData Internet Forensics
|Jun 12-14, Boise, ID
|http://www.accessdata.com/training
|-
|Forensics Tools and Techniques
|13-15 Jun, Mississippi State University
|http://www.security.cse.msstate.edu/ftc/schedule.php
|Limited to Law Enforcement
|-
|AccessData Windows Forensics
|Jun 19-21, Dallas, TX
|http://www.accessdata.com/training
|-
|SMART for Linux
|Jul 09-12, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Cyber Counterterrorism Investigations Training Program (CCITP)
|Jul 09-13, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|SMART Windows Data Forensics
|Jul 16-18, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Seized Computer Evidence Recovery Specialist (SCERS)
|Jul 16-27, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|AccessData BootCamp
|Jul 17-19, Boise, ID
|http://www.accessdata.com/training
|-
|AccessData Windows Forensics
|Jul 24-26, Albuquerque, NM
|http://www.accessdata.com/training
|-
|Network Forensics and Investigations Workshop
|Jul 25-27, Washington, DC
|http://www.strozllc.com/trainingcenter/
|-
|First Responder to Digital Evidence Program (FRDE)
|Jul 31-Aug 02, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|SARC Steganography Examiner Training
|Aug 04 - 05, Fairfax, VA (RCFG/GMU Conference 2007)
|http://www.sarc-wv.com/training.aspx
|-
|SMART for Linux
|Aug 06-09, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Introduction to Cyber Crime
|06-08 Aug, Mississippi State University
|http://www.security.cse.msstate.edu/ftc/schedule.php
|Limited to Law Enforcement
|-
|X-Ways Forensics
|Aug 06-08, Seattle, WA
|http://www.x-ways.net/training/seattle.html
|-
|Forensics Tools and Techniques
|08-10 Aug, Mississippi State University
|http://www.security.cse.msstate.edu/ftc/schedule.php
|Limited to Law Enforcement
|-
|File Systems Revealed
|Aug 9-10, Seattle, WA
|http://www.x-ways.net/training/seattle.html
|-
|Search and Seizure of Computers and Electronic Evidence
|09-10 Aug, Oxford, MS
|http://www.security.cse.msstate.edu/ftc/schedule.php
|Limited to Law Enforcement
|-
|Computer Network Investigations Training Program (CNITP)
|Aug 14-24, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|SMART Linux Data Forensics
|Aug 13-15, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Network Forensics and Investigations Workshop
|Aug 13-15, Los Angeles, CA
|http://www.strozllc.com/trainingcenter/
|-
|Macintosh Forensic Survival Course
|Aug 13-17, Fredericksburg, VA
|http://www.phoenixdatagroup.com/cart/index.php
|-
|AccessData Internet Forensics
|Aug 14-16, Austin, TX
|http://www.accessdata.com/training
|-
|Helix Live Forensics and Incident Response Course
|Aug 28-30, Tennessee Bureau of Investigations - Nashville, TN
|https://www.e-fense.com/register.php
|-
|SMART for Linux
|Sep 03-06, Austin, TX
|http://asrdata.com/training/training2.html
|-
|AccessData BootCamp
|04-06 Sep, Mississippi State University
|http://www.security.cse.msstate.edu/ftc/schedule.php
|Limited to Law Enforcement
|-
|First Responder to Digital Evidence Program (FRDE)
|Sep 11-13, FLETC, Glynco, GA
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
|Limited to Law Enforcement
|-
|AccessData Applied Decryption
|Sep 11-13, Dallas, TX
|http://www.accessdata.com/training
|-
|Enterprise Data Forensics
|Sep 17-19, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Introduction to Cyber Crime
|24-26 Sep, Jackson, Mississippi
|http://www.security.cse.msstate.edu/ftc/schedule.php
|Limited to Law Enforcement
|-
|Macintosh Forensic Survival Course
|Sep 24-28, Santa Ana, CA
|http://www.phoenixdatagroup.com/cart/index.php
|-
|AccessData Applied Decryption
|Sep 25-27, Chicago, IL
|http://www.accessdata.com/training
|-
|AccessData BootCamp
|Sep 25-27, Solna, SE
|http://www.accessdata.com/training
|-
|Forensics Tools and Techniques
|26-28 Sep, Jackson, Mississippi
|http://www.security.cse.msstate.edu/ftc/schedule.php
|Limited to Law Enforcement
|-
|Search and Seizure of Computers and Electronic Evidence
|29-30 Oct, Oxford, MS
|http://www.security.cse.msstate.edu/ftc/schedule.php
|Limited to Law Enforcement
|-
|SMART for Linux
|Oct 01-04, Austin, TX
|http://asrdata.com/training/training2.html
|-
|SMART Windows Data Forensics
|Oct 08-10, Austin, TX
|http://asrdata.com/training/training2.html
|-
|X-Ways Forensics
|Oct 22-24, Hong Kong
|http://www.x-ways.net/training/hong_kong.html
|-
|File Systems Revealed
|Oct 25-26, Hong Kong
|http://www.x-ways.net/training/hong_kong.html
|-
|SARC Steganography Examiner Training
|Oct 26 - 27, Gaithersburg, MD (Techno Forensics Conference 2007)
|http://www.sarc-wv.com/training.aspx
|-
|SMART for Linux
|Nov 05-08, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Introduction to Cyber Crime
|05-07 Nov, Jackson, Mississippi
|http://www.security.cse.msstate.edu/ftc/schedule.php
|Limited to Law Enforcement
|-
|AccessData BootCamp
|Nov 06-08, Austin, TX
|http://www.accessdata.com/training
|-
|AccessData Windows Forensics
|Nov 06-08, Solna, Sweden
|http://www.accessdata.com/training
|-
|Forensics Tools and Techniques
|07-09 Nov, Jackson, Mississippi
|http://www.security.cse.msstate.edu/ftc/schedule.php
|Limited to Law Enforcement
|-
|SMART Linux Data Forensics
|Nov 12-14, Austin, TX
|http://asrdata.com/training/training2.html
|-
|AccessData BootCamp
|13-15 Nov, Mississippi State University
|http://www.security.cse.msstate.edu/ftc/schedule.php
|Limited to Law Enforcement
|-
|SMART for Linux
|Dec 03-06, Austin, TX
|http://asrdata.com/training/training2.html
|-
|Introduction to Cyber Crime
|03-05 Dec, Mississippi State University
|http://www.security.cse.msstate.edu/ftc/schedule.php
|Limited to Law Enforcement
|-
|AccessData Internet Forensics
|Dec 04-06, Solna, Sweden
|http://www.accessdata.com/training
|-
|Forensics Tools and Techniques
|05-07 Dec, Mississippi State University
|http://www.security.cse.msstate.edu/ftc/schedule.php
|Limited to Law Enforcement
|-
|Enterprise Data Forensics
|Dec 10-12, Austin, TX
|http://asrdata.com/training/training2.html
|}

Plaso

{{Infobox_Software |
  name = plaso |
  maintainer = [[Kristinn Gudjonsson]], [[Joachim Metz]] |
  os = [[Linux]], [[Mac OS X]], [[Windows]] |
  genre = {{Analysis}} |
  license = {{APL}} |
  website = [https://code.google.com/p/plaso/ code.google.com/p/plaso/] |
}}

Plaso (plaso langar að safna öllu) is the Python-based back-end engine used by tools such as log2timeline for the automatic creation of super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment, and produce a single correlated timeline. This timeline can then be analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Plaso is intended for creating super timelines but also supports creating [http://blog.kiddaland.net/2013/02/targeted-timelines-part-i.html targeted timelines].

The Plaso project site also provides [[4n6time]], formerly "l2t_Review", which is a cross-platform forensic tool for timeline creation and review by [[David Nides]].

== Supported Formats ==

=== Storage Media Image File Formats ===
Storage Media Image File Format support is provided by [[dfvfs]].

=== Volume System Formats ===
Volume System Format support is provided by [[dfvfs]].

=== File System Formats ===
File System Format support is provided by [[dfvfs]].

=== File formats ===
<b>TODO expand this list</b>

* Apple System Log (ASL)
* Basic Security Module (BSM)
* Bencode files
* [[Google Chrome|Chrome cache files]]
* [[Property list (plist)|Binary property list (plist) format]] using [[binplist]]
* [[Extensible Storage Engine (ESE) Database File (EDB) format]] using [[libesedb]]
* [[Internet Explorer History File Format]] (also known as MSIE 4 - 9 Cache Files or index.dat) using [[libmsiecf]]
* [[OLE Compound File]] using [[libolecf]]
* SQLite databases
* Syslog
* [[Windows Event Log (EVT)]] using [[libevt]]
* [[Windows NT Registry File (REGF)]] using [[libregf]]
* [[LNK|Windows Shortcut File (LNK) format]] using [[liblnk]]
* [[Windows XML Event Log (EVTX)]] using [[libevtx]]

=== Bencode file formats ===
* Transmission
* uTorrent

=== ESE database file formats ===
<b>TODO expand this list</b>

=== OLE Compound File formats ===
<b>TODO expand this list</b>

=== SQLite database file formats ===
<b>TODO expand this list</b>

=== Windows Registry formats ===
<b>TODO expand this list</b>

== History ==
Plaso is a Python-based rewrite of the Perl-based [[log2timeline]] initially created by [[Kristinn Gudjonsson]]. Plaso builds upon the [[SleuthKit]], [[libyal]] and other projects.

== See Also ==
* [[dfvfs]]
* [[log2timeline]]

== External Links ==
* [https://code.google.com/p/plaso/ Project site]
* [https://sites.google.com/a/kiddaland.net/plaso/home Project documentation]
* [http://blog.kiddaland.net/ Project blog]
* [https://sites.google.com/a/kiddaland.net/plaso/usage/4n6time 4n6time]
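The Plaso description above says the engine parses many artifact formats into one correlated timeline. The added example below, which is not plaso's own code, sketches that idea in Python: two parsers (BSD syslog and Common Log Format access log) normalise their lines into the same event record with a UTC timestamp, and the records are merged into one chronological timeline and written as a simplified CSV. The log lines are constructed, and the year (2014) and host zone (UTC-4) supplied for the syslog parser are assumptions, since syslog lines carry neither.

```python
"""Toy super-timeline builder in the spirit of plaso/log2timeline.

Added example, not plaso code. Every parser produces the same event record
with a UTC timestamp; the records are then merged into one ordered timeline.
"""
import csv
import io
import re
from datetime import datetime, timedelta, timezone

# Constructed sample input (no real system). Classic syslog lines carry no
# year and no zone; host1 is assumed to log local time at UTC-4.
SYSLOG_LINES = """\
Jun  3 03:20:11 host1 sshd[1042]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Jun  3 03:25:44 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jun  3 03:26:02 host1 kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd
"""
HOST1_YEAR = 2014                          # assumption: syslog has no year field
HOST1_TZ = timezone(timedelta(hours=-4))   # assumption: host1 logs in UTC-4

# Constructed web-server lines in Common Log Format; these carry an explicit offset.
ACCESS_LOG_LINES = """\
10.0.0.5 - - [03/Jun/2014:07:22:30 +0000] "GET /admin HTTP/1.1" 403 512
10.0.0.5 - - [03/Jun/2014:07:27:10 +0000] "POST /upload HTTP/1.1" 200 1024
"""

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$")
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$')


def parse_syslog(text, year, tz):
    """Parse BSD syslog lines; the caller supplies the missing year and zone."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # unparsable lines are skipped rather than guessed at
        local = datetime.strptime(
            f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
        ).replace(tzinfo=tz)
        events.append({
            "timestamp": local.astimezone(timezone.utc),
            "source": "syslog",
            "host": m["host"],
            "message": f"{m['proc']}: {m['msg']}",
        })
    return events


def parse_access_log(text, host):
    """Parse Common Log Format lines; the bracketed timestamp has its own offset."""
    events = []
    for line in text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events.append({
            "timestamp": ts.astimezone(timezone.utc),
            "source": "access_log",
            "host": host,
            "message": f"{m['ip']} \"{m['req']}\" {m['status']}",
        })
    return events


def build_timeline(*event_lists):
    """Merge per-parser event lists into one timeline ordered by UTC time."""
    merged = [e for events in event_lists for e in events]
    merged.sort(key=lambda e: (e["timestamp"], e["source"]))
    return merged


def to_csv(events):
    """Render the timeline as a simplified CSV (fewer columns than real l2tcsv)."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["date", "time", "timezone", "source", "host", "message"])
    for e in events:
        ts = e["timestamp"]
        writer.writerow([ts.strftime("%Y-%m-%d"), ts.strftime("%H:%M:%S"), "UTC",
                         e["source"], e["host"], e["message"]])
    return buf.getvalue()


def example_timeline():
    """The two constructed sources merged the way a super timeline would be."""
    return build_timeline(
        parse_syslog(SYSLOG_LINES, HOST1_YEAR, HOST1_TZ),
        parse_access_log(ACCESS_LOG_LINES, "web1"),
    )


if __name__ == "__main__":
    print(to_csv(example_timeline()))
```

The point of normalising to UTC before sorting is visible in the constructed data: with the host's UTC-4 offset applied, the two web requests interleave with the ssh login and the sudo command on host1, whereas treating the syslog times as UTC would push every web request after every syslog event and hide the correlation.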
Revision as of 03:26, 3 June 2014
