Difference between pages "Websites" and "Plaso"

From ForensicsWiki
(Difference between pages)
 
(File Formats)
 
Line 1: Line 1:
'''Websites''' about [[digital forensics]] and related topics.
+
{{Infobox_Software |
 +
  name = plaso |
 +
  maintainer = [[Kristinn Gudjonsson]], [[Joachim Metz]] |
 +
  os = [[Linux]], [[Mac OS X]], [[Windows]] |
 +
  genre = {{Analysis}} |
 +
  license = {{APL}} |
 +
  website = [https://code.google.com/p/plaso/ code.google.com/p/plaso/] |
 +
}}
  
= Digital Forensics =
+
Plaso (plaso langar að safna öllu) is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Plaso is intended to be applied for creating super timelines but also supports creating [http://blog.kiddaland.net/2013/02/targeted-timelines-part-i.html targeted timelines].
; Bruce Nikkel's Computer Forensics Homepage
+
: [http://digitalforensics.ch/ Bruce Nikkel's Computer Forensics Homepage]
+
: Presentations, links, references
+
  
; Digital Forensic Solution Provider Website
+
The Plaso project site also provides [[4n6time]], formerly "l2t_Review", which is a cross-platform forensic tool for timeline creation and review by [[David Nides]].
: [http://forensicpeople.com/ Forensic People Website]
+
  
; Certfied Computer Examiner Website
+
== Supported Formats ==
: [http://www.isfce.com/ Certfied Computer Examiner Website]
+
: Open certification process for digital forensics.
+
  
; Computer Forensics Tool Testing (CFTT) project
+
=== Storage Media Image File Formats ===
: [http://www.cftt.nist.gov/ Computer Forensics Tool Testing project]
+
Storage Medis Image File Format support is provided by [[dfvfs]].
: The Computer Forensic Tool Testing (CFTT) project establishes methodologies for testing computer forensic tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware.
+
  
; Computer Forensics and Investigations
+
=== Volume System Formats ===
: [http://computer-forensics-lab.org/ project “COMPUTER FORENSICS AND INVESTIGATIONS”]
+
Volume System Format support is provided by [[dfvfs]].
: Computer Forensics articles, and website of Igor Michailov
+
  
; Computer Forensics Tool Catalog
+
=== File System Formats ===
: [http://www.cftt.nist.gov/tool_catalog/ Computer Forensics Tool Catalog]
+
File System Format support is provided by [[dfvfs]].
: The Computer Forensics Tool Catalog provides an easily searchable catalog of forensic tools to enable practitioners to find tools that meet their specific technical needs.
+
  
; Computer Forensics World
+
=== File Formats ===
: http://www.computerforensicsworld.com/
+
* [[Property list (plist)|Binary property list (plist) format]] using [[binplist]]
: Website with online discussion forums relating to computer forensics.
+
* [[Extensible Storage Engine (ESE) Database File (EDB) format]]using [[libesedb]]
 +
* [[Internet Explorer History File Format]] (also known as MSIE 4 - 9 Cache Files or index.dat) using [[libmsiecf]]
 +
* [[OLE Compound File]] using [[libolecf]]
 +
* [[Windows Event Log (EVT)]] using [[libevt]]
 +
* [[Windows NT Registry File (REGF)]] using [[libregf]]
 +
* [[LNK|Windows Shortcut File (LNK) format]] using [[liblnk]]
 +
* [[Windows XML Event Log (EVTX)]] using [[libevtx]]
 +
* Syslog
  
; [[Cyberspeak podcast]]
+
<b>TODO expand this list</b>
: [http://cyberspeak.libsyn.com/ Cyberspeak Podcast]
+
: Computer forensics, network security, and computer crime podcast.
+
  
; Digital Forensics Discussion Forum
+
== History ==
: [http://www.multimediaforensics.com/ Digital Forensics Discussion Forum]
+
Plaso is a Python-based rewrite of the Perl-based [[log2timeline]] initially created by [[Kristinn Gudjonsson]]. Plaso builds upon the [[SleuthKit]], [[libyal]] and other projects.
: A forum for the discussion of computer and digital forensics examinations, certified and non-certified investigators welcome
+
  
; Digital Forensic Research Workshop (DFRWS)
+
== See Also ==
: [http://www.dfrws.org/ Official Website for Digital Forensic Research Workshop]
+
* [[dfvfs]]
: Open forum for research in digital forensic issues, hosting annual meeting and annual forensics challenge.
+
* [[log2timeline]]
  
; E-Evidence Information Centre
+
== External Links ==
: [http://www.e-evidence.info/ E-Evidence Information Centre]
+
* [https://code.google.com/p/plaso/ Project site]
: An online digital forensics bibliography, updated monthly
+
* [https://sites.google.com/a/kiddaland.net/plaso/home Project documentation]
 
+
* [http://blog.kiddaland.net/ Project blog]
; FCCU GNU/Linux Forensic Boot CD
+
* [https://sites.google.com/a/kiddaland.net/plaso/usage/4n6time 4n6time]
: [http://www.lnx4n6.be/ Belgian Computer Forensic Website]
+
: Belgian Computer Forensic Website - Forensic Boot CD  - Linux
+
 
+
; Forensic Focus
+
: http://www.forensicfocus.com/
+
: News, blog, forums, and other resources for folks engaged in or interested in digital forensics.
+
 
+
; International Association of Computer Investigative Specialists
+
: [http://www.iacis.info/ International Association of Computer Investigative Specialists]
+
: Volunteer non-profit corporation composed of law enforcement professionals.
+
 
+
; Litilaw Computer Forensics
+
: [http://computer-forensics-litilaw.lexbe.com/ Litilaw Computer Forensics]
+
: Computer forensics article collection.
+
 
+
; MySecured.com
+
: [http://www.MySecured.com/ MySecured.com]
+
: Mobile phone forensics, cellphone related investigation and data analysis site.
+
 
+
; NIST: Secure Hashing
+
: [http://csrc.nist.gov/CryptoToolkit/tkhash.html NIST: Secure Hashing]
+
: The Computer Security Division's (CSD) Security Technology Group (STG) is involved in the development, maintenance, and promotion of a number of standards and guidance that cover a wide range of cryptographic technology.
+
 
+
; National Software Reference Library (NSRL)
+
: [http://www.nsrl.nist.gov/ National Software Reference Library]
+
: The National Software Reference Library (NSRL) collects software from various sources and incorporates file profiles computed from this software into a Reference Data Set (RDS) of information.
+
 
+
; Open Source Digital Forensics
+
: [http://www.opensourceforensics.org  “OpenSourceForensics.org”]
+
: The Open Source Digital Forensics site is a reference for the use of open source software in digital investigations (a.k.a. digital forensics, computer forensics, incident response).
+
 
+
; [University of Delaware]  Computer Forensics Lab
+
: [http://128.175.24.251/forensics/default.htm University of Delaware]  
+
: Computer Forensics Lab Resource Site.
+
 
+
; [University of Rhode Island]  Digital Forensics Center
+
: [http://dfc.cs.uri.edu/ University of Rhode Island]
+
: Computer Forensics Lab Resource Site.
+
 
+
; Forensics Sciences Conference and Exhibition
+
: [http://http://euroforensics.com/]Euroforensics
+
 
+
= Non-Digital Forensics =
+
; NIST Image Group
+
: [http://fingerprint.nist.gov/ NIST Image Group]
+
: Many reports, including the [[NIST]] report on [[AFIS]] [[fingerprint]] testing.
+
 
+
= Wikis =
+
; Forensics Wiki (Russian Language)
+
: [http://www.computer-forensics-lab.org/wiki/ Forensics Wiki in Russian]
+
 
+
= [[Blogs]] =
+
 
+
= [[Journals]] =
+
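Review bot: The added line under "=== Storage Media Image File Formats ===" reads "Storage Medis Image File Format support is provided by [[dfvfs]]."; "Medis" should be "Media". In the added "=== File Formats ===" list, the ESE entry is missing a space before "using" ("...(EDB) format]]using [[libesedb]]"), which will render the link text run together with the next word. The added intro paragraph also says "automatic creation of a super timelines", which should drop the "a". The list still ends with a bare "<b>TODO expand this list</b>"; consider tracking that outside the article body or removing it once the list is complete.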

Revision as of 03:21, 3 June 2014

plaso
Maintainer: Kristinn Gudjonsson, Joachim Metz
OS: Linux, Mac OS X, Windows
Genre: Analysis
License: APL
Website: code.google.com/p/plaso/

Plaso (plaso langar að safna öllu) is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment, to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Plaso is intended for creating super timelines but also supports creating targeted timelines.

The Plaso project site also provides 4n6time, formerly "l2t_Review", which is a cross-platform forensic tool for timeline creation and review by David Nides.

Supported Formats

Storage Media Image File Formats

Storage Media Image File Format support is provided by dfvfs.

Volume System Formats

Volume System Format support is provided by dfvfs.

File System Formats

File System Format support is provided by dfvfs.

File Formats

TODO expand this list

History

Plaso is a Python-based rewrite of the Perl-based log2timeline initially created by Kristinn Gudjonsson. Plaso builds upon the SleuthKit, libyal and other projects.

See Also

External Links