ATTENTION: The new home of the Digital Forensics Wiki is at https://forensicswiki.xyz/. Yeah, it's a silly name, but it was cheap.
This wiki will be going offline permanently in the near future. An exact date will be announced soon. Thank you for being a part of this community.
If you wish to work on the new forensicswiki, please join the Google Group forensicswiki-reborn
|Maintainer:||Kristinn Gudjonsson, Joachim Metz, Eric Mak, David Nides|
|OS:||Linux, Mac OS X, Windows|
Plaso (plaso langar að safna öllu) is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Image File Formats
Volume System Formats
File System Formats
- Binary property list (plist) format using binplist
- Internet Explorer History File Format (also known as MSIE 4-9 Cache Files or index.dat) using libmsiecf
- Windows Event Log (EVT) using libevt
- Windows NT Registry File (REGF) using libregf
- Windows Shortcut File (LNK) format using liblnk
- Windows XML Event Log (EVTX) using libevtx
It comes bundled with 4n6time, formally "l2t_Review", a cross-platform forensic tool for timeline creation and review, by David Nides.