|Maintainer:||Kristinn Gudjonsson, Joachim Metz, Eric Mak, David Nides|
|OS:||Linux, Mac OS X, Windows|
Plaso (plaso langar að safna öllu) is the Python-based back-end engine used by tools such as log2timeline for the automatic creation of super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment, to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Image File Formats
Volume System Formats
File System Formats
- Binary property list (plist) format using binplist
- Internet Explorer History File Format (also known as MSIE 4-9 Cache Files or index.dat) using libmsiecf
- Windows Event Log (EVT) using libevt
- Windows NT Registry File (REGF) using libregf
- Windows Shortcut File (LNK) format using liblnk
- Windows XML Event Log (EVTX) using libevtx
It comes bundled with 4n6time, formerly "l2t_Review", a cross-platform forensic tool for timeline creation and review, by David Nides.