Difference between revisions of "Plaso"
Revision as of 01:01, 10 May 2013
| plaso | |
|---|---|
| Maintainer: | Kristinn Gudjonsson, Joachim Metz, Eric Mak, David Nides |
| OS: | Linux, Mac OS X, Windows |
| Genre: | Analysis |
| License: | Apache License 2.0 |
| Website: | code.google.com/p/plaso/ |
Plaso (plaso langar að safna öllu) is the Python-based back-end engine used by tools such as log2timeline for the automatic creation of super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment, to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system.
Supported Formats
Image File Formats
- Raw Image Format
Volume System Formats
- Windows Shadow Volumes using libvshadow
File System Formats
- uses sleuthkit and pytsk3
File Formats
- Internet Explorer History File Format (also known as MSIE 4-9 Cache Files or index.dat) using libmsiecf
- Windows Event Log (EVT) using libevt
- Windows NT Registry File (REGF) using libregf
- Windows Shortcut File (LNK) format using liblnk
- Windows XML Event Log (EVTX) using libevtx
- Syslog
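To make concrete what "a single correlated timeline" built from several of the formats above means, the following is an added example and not plaso's or log2timeline's own code. It parses a few constructed BSD-style syslog lines (Syslog being one of the listed formats) and a constructed list of timestamped events standing in for what the other parsers would emit, normalizes every timestamp to UTC, and merges the streams into one sorted timeline. The year and UTC offset handed to the syslog parser are assumptions of this example, because BSD syslog timestamps carry neither; the sample data and the simple "timestamp,source,description" event form are constructed here as well.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample input (not from the page): a few BSD-style syslog lines.
SYSLOG_SAMPLE = """\
May 10 00:58:12 ws01 sshd[2211]: Accepted password for alice from 10.0.0.5 port 51022 ssh2
May 10 01:03:40 ws01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; COMMAND=/bin/cat /etc/shadow
May 10 01:05:02 ws01 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Constructed sample input standing in for other parser outputs (e.g. EVTX, LNK),
# already carrying a full UTC timestamp: "timestamp,source,description".
EVENTS_SAMPLE = """\
2013-05-10T01:00:15Z,EVTX,Security 4624: An account was successfully logged on
2013-05-10T01:04:10Z,LNK,Shortcut report.lnk accessed
"""

# BSD syslog: "Mon DD HH:MM:SS host proc[pid]: message" (no year, no zone).
SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<proc>[^:]+):\s*(?P<msg>.*)$"
)


def parse_syslog(text, year, utc_offset_hours):
    """Yield (utc_datetime, source, description) for each syslog record.

    The year and the host's UTC offset are assumptions supplied by the caller,
    since the syslog timestamp itself carries neither; non-matching lines are
    skipped rather than aborting the whole run.
    """
    tz = timezone(timedelta(hours=utc_offset_hours))
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        stamp = f"{year} {m['mon']} {m['day']} {m['time']}"
        local = datetime.strptime(stamp, "%Y %b %d %H:%M:%S").replace(tzinfo=tz)
        desc = f"{m['host']} {m['proc'].strip()}: {m['msg']}"
        yield local.astimezone(timezone.utc), "SYSLOG", desc


def parse_events(text):
    """Yield (utc_datetime, source, description) from the constructed event form."""
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, source, desc = line.split(",", 2)
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ts, source, desc


def build_timeline(*event_streams):
    """Merge every event stream into one list ordered by UTC timestamp."""
    events = [event for stream in event_streams for event in stream]
    events.sort(key=lambda event: event[0])
    return events


def render(events):
    """Format merged events as one line each, in the style of a timeline listing."""
    return [f"{ts.strftime('%Y-%m-%d %H:%M:%S')}Z  {src:<7} {desc}" for ts, src, desc in events]


def demo():
    # Assumed: the syslog host kept UTC (offset 0) during 2013.
    timeline = build_timeline(
        parse_syslog(SYSLOG_SAMPLE, year=2013, utc_offset_hours=0),
        parse_events(EVENTS_SAMPLE),
    )
    return render(timeline)


if __name__ == "__main__":
    print("\n".join(demo()))
```

The interesting part for an analyst is the normalization step: with `utc_offset_hours` set to the host's real offset, the syslog records shift relative to the EVTX and LNK records, which is exactly the kind of ordering error a correlated timeline is meant to avoid.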
History
Plaso is a Python-based rewrite of the Perl-based log2timeline initially created by Kristinn Gudjonsson. Plaso builds upon the SleuthKit and libyal.
It comes bundled with 4n6time, formerly "l2t_Review", a cross-platform forensic tool for timeline creation and review, by David Nides.