Difference between revisions of "Timeline Analysis Bibliography"

From Forensics Wiki
Jump to: navigation, search
m (Papers)
(See Also)
 
(7 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 
==Papers==
 
==Papers==
 +
* [http://forensicfocus.files.wordpress.com/2012/08/generating-computer-forensic-supertimelines-under-linux-a-comprehensive-guide-for-windows-based-disk-images1.pdf Generating computer forensic supertimelines under Linux - A comprehensive guide for Windows-based disk images], by R. Carbone, C. Bean, August 2012
 +
* J. Olsson, M. Boldt, [http://www.dfrws.org/2009/proceedings/p78-olsson.pdf "Computer forensic timeline visualization tool"], ScienceDirect Digital Investigation, Volume 6, September 2009
 +
* Jewan Bang, BY Yoo, JS Kim, SJ Lee, [http://forensic.korea.ac.kr/research/Conference/Analysis_of_Time_Information_for_Digital_Investigation.pdf "Analysis of Time Information for Digital Investigation"], NCM 2009, 5th International Joint Conference on INC, IMS, IDC, August 2009
 
* S. Willassen, [http://www.igi-global.com/articles/details.asp?ID=33298 "A Model Based Approach to Timestamp Evidence Interpretation"], International Journal of Digital Crime and Forensics, 1:2, 2009
 
* S. Willassen, [http://www.igi-global.com/articles/details.asp?ID=33298 "A Model Based Approach to Timestamp Evidence Interpretation"], International Journal of Digital Crime and Forensics, 1:2, 2009
 
 
* Olsson, Jens [http://www.bth.se/fou/cuppsats.nsf/bbb56322b274389dc1256608004f052b/2e5256fe7d0e57d5c12574bd0072d894!OpenDocument Digital Evidence with an Emphasis on Time],  Master's Thesis, Blekinge Institute of Technology, September 2008.
 
* Olsson, Jens [http://www.bth.se/fou/cuppsats.nsf/bbb56322b274389dc1256608004f052b/2e5256fe7d0e57d5c12574bd0072d894!OpenDocument Digital Evidence with an Emphasis on Time],  Master's Thesis, Blekinge Institute of Technology, September 2008.
 
* R. Koen, M. Olivier, [http://icsa.cs.up.ac.za/issa/2008/Proceedings/Full/43.pdf "The Use of File Timestamps in Digital Forensics"], ISSA 2008, Johannesburg, South Africa, July 2008
 
* R. Koen, M. Olivier, [http://icsa.cs.up.ac.za/issa/2008/Proceedings/Full/43.pdf "The Use of File Timestamps in Digital Forensics"], ISSA 2008, Johannesburg, South Africa, July 2008
Line 21: Line 23:
 
* [http://well-formed-data.net/archives/26/visualizing-gaps-in-time-based-lists Visualizing gaps in time-based lists], Moritz Stefaner, November 6, 2000
 
* [http://well-formed-data.net/archives/26/visualizing-gaps-in-time-based-lists Visualizing gaps in time-based lists], Moritz Stefaner, November 6, 2000
  
==Programs==
+
== Tools ==
 
; [[Zeitline]] — Forensic timeline editor
 
; [[Zeitline]] — Forensic timeline editor
 
: http://projects.cerias.purdue.edu/forensics/timeline.php
 
: http://projects.cerias.purdue.edu/forensics/timeline.php
 
: http://sourceforge.net/projects/zeitline/
 
: http://sourceforge.net/projects/zeitline/
 +
 +
; [[log2timeline]] - An artifact timeline creation and analysis framework
 +
: http://log2timeline.net
 +
: https://blogs.sans.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
 +
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
  
 
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program.
 
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program.
Line 30: Line 37:
 
; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot]
 
; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot]
  
==See Also==
+
; [[PTK]] has a timeline analysis tool.
* http://www.timeforensics.com/
+
  
 +
; [[Aftertime]] - Java based application for creating timelines
 +
: http://www.holmes.nl/NFIlabs/Aftertime/index.html
 +
ns.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
 +
: https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
  
 +
; [[sorter]] — [[Sleuthkit]]'s [[MAC times]] sorting program.
  
 +
; [http://code.google.com/p/simile-widgets/ Simile Timeline and Timeplot]
  
 +
; [[PTK]] has a timeline analysis tool.
 +
 +
; [[Aftertime]] - Java based application for creating timelines
 +
: http://www.holm
 +
; [[TimeFlow]] - Visual timelines for investigation - source freely available
 +
https://github.com/FlowingMedia/TimeFlow/wiki/
 +
 +
== External Links ==
 +
* http://www.timeforensics.com/
  
 
[[Category:Tools]]
 
[[Category:Tools]]
 
[[Category:Bibliographies]]
 
[[Category:Bibliographies]]
 
[[Category:Timeline Analysis]]
 
[[Category:Timeline Analysis]]

Latest revision as of 15:23, 27 August 2012

Papers

Tools

Zeitline — Forensic timeline editor
http://projects.cerias.purdue.edu/forensics/timeline.php
http://sourceforge.net/projects/zeitline/
log2timeline - An artifact timeline creation and analysis framework
http://log2timeline.net
https://blogs.sans.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/
https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
sorterSleuthkit's MAC times sorting program.
Simile Timeline and Timeplot
PTK has a timeline analysis tool.
Aftertime - Java based application for creating timelines
http://www.holmes.nl/NFIlabs/Aftertime/index.html

ns.org/computer-forensics/2009/08/13/artifact-timeline-creation-and-analysis-tool-release-log2timeline/

https://blogs.sans.org/computer-forensics/2009/08/14/artifact-timeline-creation-and-analysis-part-2/
sorterSleuthkit's MAC times sorting program.
Simile Timeline and Timeplot
PTK has a timeline analysis tool.
Aftertime - Java based application for creating timelines
http://www.holm
TimeFlow - Visual timelines for investigation - source freely available

https://github.com/FlowingMedia/TimeFlow/wiki/

External Links