Difference between revisions of "Timeline Analysis Bibliography"
From Forensics Wiki
(Category:Bibliographies) |
Joachim Metz (Talk | contribs) (→See Also) |
||
| (16 intermediate revisions by 6 users not shown) | |||
| Line 1: | Line 1: | ||
| + | ==Papers== | ||
| + | * [http://forensicfocus.files.wordpress.com/2012/08/generating-computer-forensic-supertimelines-under-linux-a-comprehensive-guide-for-windows-based-disk-images1.pdf Generating computer forensic supertimelines under Linux - A comprehensive guide for Windows-based disk images], by R. Carbone, C. Bean, August 2012 | ||
| + | * J. Olsson, M. Boldt, [http://www.dfrws.org/2009/proceedings/p78-olsson.pdf "Computer forensic timeline visualization tool"], ScienceDirect Digital Investigation, Volume 6, September 2009 | ||
| + | * Jewan Bang, BY Yoo, JS Kim, SJ Lee, [http://forensic.korea.ac.kr/research/Conference/Analysis_of_Time_Information_for_Digital_Investigation.pdf "Analysis of Time Information for Digital Investigation"], NCM 2009, 5th International Joint Conference on INC, IMS, IDC, August 2009 | ||
| + | * S. Willassen, [http://www.igi-global.com/articles/details.asp?ID=33298 "A Model Based Approach to Timestamp Evidence Interpretation"], International Journal of Digital Crime and Forensics, 1:2, 2009 | ||
| + | * Olsson, Jens [http://www.bth.se/fou/cuppsats.nsf/bbb56322b274389dc1256608004f052b/2e5256fe7d0e57d5c12574bd0072d894!OpenDocument Digital Evidence with an Emphasis on Time], Master's Thesis, Blekinge Institute of Technology, September 2008. | ||
| + | * R. Koen, M. Olivier, [http://icsa.cs.up.ac.za/issa/2008/Proceedings/Full/43.pdf "The Use of File Timestamps in Digital Forensics"], ISSA 2008, Johannesburg, South Africa, July 2008 | ||
| + | * S. Willassen, [http://www.diva-portal.org/ntnu/abstract.xsql?dbid=2145 "Methods for Enhancement of Timestamp Evidence in Digital Investigations"], PhD Dissertation, Norwegian University of Science and Technology, 2008 | ||
| + | * S. Willassen, [http://www.willassen.no/svein/pub/ares08.pdf "Finding Evidence of Antedating in Digital Investigations"], ARES 2008, Barcelona, Spain, March 2008 | ||
| + | * S. Willassen, [http://www.willassen.no/svein/pub/ifip08.pdf "Hypothesis Based Investigation of Digital Timestamp"], 4th IFIP WG 11.9 Workskop on Digital Evidence, Kyoto, Japan, January 2008 | ||
| + | * S. Willassen, [http://www.willassen.no/svein/pub/efor08.pdf "Timestamp Evidence Correlation by model based clock hypothesis testing"], E-Forensics 2008, Adelaide, Australia, January 2008 | ||
| + | * F. Buchholz, [http://www.infosec.jmu.edu/reports/jmu-infosec-tr-2007-001.pdf "An Improved Clock Model for Translating Timestamps"], JMU-INFOSEC-TR-2007-001, James Madison University | ||
| + | * F. Buchholz, B. Tjaden, [http://www.dfrws.org/2007/proceedings/p31-buchholz.pdf "A brief study of time"], Digital Investigation 2007:4S | ||
| + | * K. Chow, F. Law, M. Kwan, P. Lai, [http://i.cs.hku.hk/~cisc/forensics/papers/RuleOfTime.pdf "The Rules of Time on NTFS File System"], 2nd International Workshop on Systematic Approaches to Digital Forensic Engineering, Seattle, Washington, April 2007 | ||
| + | * B. Schatz, G. Mohay, A. Clark, [http://www.dfrws.org/2006/proceedings/13-%20Schatz.pdf "A correlation method for establishing provenance of timestamps in digital evidence"], Digital Investigation 2006:3S | ||
| + | * P. Gladyshev, A. Patel, [http://www.utica.edu/academic/institutes/ecii/publications/articles/B4A90270-B5A9-6380-68863F61C2F7603D.pdf "Formalizing Event Time Bouding in Digital Investigation"], International Journal of Digital Evidence, vol 4:2, 2005 | ||
| + | * C. Boyd, P. Forster, "Time and Date issues in forensic computing - a case study", Digital Investigation 2004:1 | ||
| + | * M.W. Stevens, "Unification of relative time frames for digital forensics", Digital Investigation 2004:1 | ||
| + | * [http://www.utica.edu/academic/institutes/ecii/publications/articles/A048B1E4-B921-1DA3-EB227EE7F61F2053.pdf "Dynamic Time & Date Stamp Analysis"], M .C. Weil, International Journal of Digital Evidence, vol 1:2, 2002 | ||
| + | |||
| + | * [http://infoviz.pnl.gov/pdf/themeriver99.pdf ThemeRiver: In Search of Trends, Patterns, and Relationships], Susan Havre, Beth Hetzler, and Lucy Nowell, Battelle Pacific Northwest Division, Richland, Washington, 1999 | ||
| + | * [http://www.conceptsymbols.com/web/publications/2003_timelines.pdf Timeline Visualization of Research Fronts], Steven A. Morris2, G. Yen, Zheng Wu, Benyam Asnake , School of Electrical and Computer Engineering, Oklahoma State University, Stillwater, Oklahoma. 2003 | ||
| + | * [http://well-formed-data.net/archives/26/visualizing-gaps-in-time-based-lists Visualizing gaps in time-based lists], Moritz Stefaner, November 6, 2000 | ||
| + | |||
| + | == Tools == | ||
; [[Zeitline]] — Forensic timeline editor | ; [[Zeitline]] — Forensic timeline editor | ||
: http://projects.cerias.purdue.edu/forensics/timeline.php | : http://projects.cerias.purdue.edu/forensics/timeline.php | ||
: http://sourceforge.net/projects/zeitline/ | : http://sourceforge.net/projects/zeitline/ | ||
| + | |||
| + | ; [[log2timeline]] - An artifact timeline creation and analysis framework | ||
| + | : http://log2timeline.net | ||
| + | : https://blogs.sans.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/ | ||
| + | : https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/ | ||
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program. | ; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program. | ||
| − | |||
; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot] | ; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot] | ||
| − | ; | + | ; [[PTK]] has a timeline analysis tool. |
| − | + | ||
| − | + | ||
| − | ; [http://www. | + | ; [[Aftertime]] - Java based application for creating timelines |
| − | : | + | : http://www.holmes.nl/NFIlabs/Aftertime/index.html |
| + | ns.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/ | ||
| + | : https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/ | ||
| + | |||
| + | ; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program. | ||
| + | |||
| + | ; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot] | ||
| + | ; [[PTK]] has a timeline analysis tool. | ||
| + | ; [[Aftertime]] - Java based application for creating timelines | ||
| + | : http://www.holm | ||
| + | ; [[TimeFlow]] - Visual timelines for investigation - source freely available | ||
| + | https://github.com/FlowingMedia/TimeFlow/wiki/ | ||
| + | == External Links == | ||
| + | * http://www.timeforensics.com/ | ||
[[Category:Tools]] | [[Category:Tools]] | ||
[[Category:Bibliographies]] | [[Category:Bibliographies]] | ||
| + | [[Category:Timeline Analysis]] | ||
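Review bot: the added Tools block carries a stray pasted fragment that should be removed before this revision stands. The line starting `ns.org/computer-forensics/2009/08/13/` is the tail of the log2timeline SANS URL already listed in full a few lines earlier, and it is followed by second copies of the part-2 link and of the [[sorter]], Simile, [[PTK]] and [[Aftertime]] entries, ending in the truncated `: http://www.holm`. Drop that run so each tool appears once with its complete URL, and give the TimeFlow URL the leading `: ` that the other definition lines use. In the Papers list, "Workskop" and "Bouding" look like typos for "Workshop" and "Bounding".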
Latest revision as of 15:23, 27 August 2012
Papers
- Generating computer forensic supertimelines under Linux - A comprehensive guide for Windows-based disk images, by R. Carbone, C. Bean, August 2012
- J. Olsson, M. Boldt, "Computer forensic timeline visualization tool", ScienceDirect Digital Investigation, Volume 6, September 2009
- Jewan Bang, BY Yoo, JS Kim, SJ Lee, "Analysis of Time Information for Digital Investigation", NCM 2009, 5th International Joint Conference on INC, IMS, IDC, August 2009
- S. Willassen, "A Model Based Approach to Timestamp Evidence Interpretation", International Journal of Digital Crime and Forensics, 1:2, 2009
- Olsson, Jens, "Digital Evidence with an Emphasis on Time", Master's Thesis, Blekinge Institute of Technology, September 2008.
- R. Koen, M. Olivier, "The Use of File Timestamps in Digital Forensics", ISSA 2008, Johannesburg, South Africa, July 2008
- S. Willassen, "Methods for Enhancement of Timestamp Evidence in Digital Investigations", PhD Dissertation, Norwegian University of Science and Technology, 2008
- S. Willassen, "Finding Evidence of Antedating in Digital Investigations", ARES 2008, Barcelona, Spain, March 2008
- S. Willassen, "Hypothesis Based Investigation of Digital Timestamp", 4th IFIP WG 11.9 Workshop on Digital Evidence, Kyoto, Japan, January 2008
- S. Willassen, "Timestamp Evidence Correlation by model based clock hypothesis testing", E-Forensics 2008, Adelaide, Australia, January 2008
- F. Buchholz, "An Improved Clock Model for Translating Timestamps", JMU-INFOSEC-TR-2007-001, James Madison University
- F. Buchholz, B. Tjaden, "A brief study of time", Digital Investigation 2007:4S
- K. Chow, F. Law, M. Kwan, P. Lai, "The Rules of Time on NTFS File System", 2nd International Workshop on Systematic Approaches to Digital Forensic Engineering, Seattle, Washington, April 2007
- B. Schatz, G. Mohay, A. Clark, "A correlation method for establishing provenance of timestamps in digital evidence", Digital Investigation 2006:3S
- P. Gladyshev, A. Patel, "Formalizing Event Time Bounding in Digital Investigation", International Journal of Digital Evidence, vol 4:2, 2005
- C. Boyd, P. Forster, "Time and Date issues in forensic computing - a case study", Digital Investigation 2004:1
- M.W. Stevens, "Unification of relative time frames for digital forensics", Digital Investigation 2004:1
- "Dynamic Time & Date Stamp Analysis", M. C. Weil, International Journal of Digital Evidence, vol 1:2, 2002
- ThemeRiver: In Search of Trends, Patterns, and Relationships, Susan Havre, Beth Hetzler, and Lucy Nowell, Battelle Pacific Northwest Division, Richland, Washington, 1999
- Timeline Visualization of Research Fronts, Steven A. Morris, G. Yen, Zheng Wu, Benyam Asnake, School of Electrical and Computer Engineering, Oklahoma State University, Stillwater, Oklahoma, 2003
- Visualizing gaps in time-based lists, Moritz Stefaner, November 6, 2000
Tools
- Zeitline — Forensic timeline editor
- http://projects.cerias.purdue.edu/forensics/timeline.php
- http://sourceforge.net/projects/zeitline/
- log2timeline - An artifact timeline creation and analysis framework
- http://log2timeline.net
- https://blogs.sans.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
- https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
- PTK has a timeline analysis tool.
- Aftertime - Java based application for creating timelines
- http://www.holmes.nl/NFIlabs/Aftertime/index.html
- TimeFlow - Visual timelines for investigation - source freely available
- https://github.com/FlowingMedia/TimeFlow/wiki/