Difference between pages "Upcoming events" and "Plaso"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Calls For Papers)
 
m (File formats)
 
Line 1: Line 1:
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
+
{{Infobox_Software |
When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
+
  name = plaso |
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience. Such restrictions should be noted when known.</i>
+
  maintainer = [[Kristinn Gudjonsson]], [[Joachim Metz]] |
 +
  os = [[Linux]], [[Mac OS X]], [[Windows]] |
 +
  genre = {{Analysis}} |
 +
  license = {{APL}} |
 +
  website = [https://code.google.com/p/plaso/ code.google.com/p/plaso/] |
 +
}}
  
This is a BY DATE listing of upcoming events relevant to [[digital forensics]]. It is not an all inclusive list, but includes most well-known activities. Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
+
Plaso (plaso langar að safna öllu) is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Plaso is intended to be applied for creating super timelines but also supports creating [http://blog.kiddaland.net/2013/02/targeted-timelines-part-i.html targeted timelines].
  
This listing is divided into three sections (described as follows):<br>
+
The Plaso project site also provides [[4n6time]], formerly "l2t_Review", which is a cross-platform forensic tool for timeline creation and review by [[David Nides]].
<ol><li><b><u>[[Upcoming_events#Calls_For_Papers|Calls For Papers]]</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
<li><b><u>[[Upcoming_events#Conferences|Conferences]]</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
<li><b><u>[[Training Courses and Providers]]</u></b> - Training </li><br></ol>
+
  
== Calls For Papers ==
+
== Supported Formats ==
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
+
  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
=== Storage Media Image File Formats ===
|- style="background:#bfbfbf; font-weight: bold"
+
Storage Medis Image File Format support is provided by [[dfvfs]].
! width="30%|Title
+
! width="15%"|Due Date
+
! width="15%"|Notification Date
+
! width="40%"|Website
+
|-
+
|9th International Conference on Cyber Warfare and Security (ICCWS-2014)
+
|Sep 02, 2013 (abstract)
+
|Sep 09, 2013 (abstract)<br>Dec 30, 2013 (final paper)
+
|http://academic-conferences.org/iciw/iciw2014/iciw14-call-papers.htm
+
|-
+
|IFIP WG 11.9 International Conference on Digital Forensics
+
|Sep 15, 2013
+
|Oct 15, 2013
+
|http://www.ifip119.org/Conferences/WG11-9-CFP-2014.pdf
+
|-
+
|}
+
  
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
+
=== Volume System Formats ===
 +
Volume System Format support is provided by [[dfvfs]].
  
== Conferences ==
+
=== File System Formats ===
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
File System Format support is provided by [[dfvfs]].
|- style="background:#bfbfbf; font-weight: bold"
+
! width="40%"|Title
+
! width="20%"|Date/Location
+
! width="40%"|Website
+
|-
+
|Symposium On Usable Privacy and Security (SOUPS)
+
|Jul 24-26<br>Newcastle, United Kingdom
+
|http://cups.cs.cmu.edu/soups/2013/
+
|-
+
|BlackHat USA
+
|Jul 27-Aug 01<br>Las Vegas, NV
+
|https://www.blackhat.com/us-13/
+
|-
+
|DFRWS 2013
+
|Aug 04-07<br>Monterey, CA
+
|http://dfrws.org/2013
+
|-
+
|Regional Computer Forensics Group GMU 2013
+
|Aug 05-09<br>Fairfax, VA
+
|http://www.rcfg.org
+
|-
+
|6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '13)
+
|Aug 12<br>Washington, DC
+
|https://www.usenix.org/conferences?page=1
+
|-
+
|8th USENIX Workshop on Hot Topics in Security (HotSec '13)
+
|Aug 13<br>Washington, DC
+
|https://www.usenix.org/conferences?page=1
+
|-
+
|22nd USENIX Security Symposium - USENIX Security '13
+
|Aug 14-16<br>Washington, DC
+
|https://www.usenix.org/conference/usenixsecurity13
+
|-
+
|6th International Workshop on Digital Forensics (WSDF 2013)
+
|Sep 02-06<br>Regensburg, Germany
+
|http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=49&Itemid=95
+
|-
+
|2013 HTCIA International Conference & Training Expo
+
|Sep 08-11<br>Summerlin, NV
+
|http://www.htciaconference.org/
+
|-
+
|New Security Paradigms Workshop (NSPW)
+
|Sep 09-12<br>The Banff Center, Canada
+
|http://www.nspw.org/current/
+
|-
+
|Black Hat-Regional Summit
+
|Sep 10-12<br>Istanbul, Turkey
+
|https://www.blackhat.com/is-13/
+
|-
+
|French-Speaking Days on Digital Investigations-Journées Francophones de l'Investigation Numérique (AFSIN)
+
|Sep 10-12<br>Neuchâtel, Switzerland
+
|https://www.afsin.org/
+
|-
+
|5th International Conference on Digital Forensics & Cyber Crime
+
|Sep 25-27<br>Moscow, Russia
+
|http://d-forensics.org/2013/show/home
+
|-
+
|VB2013 - the 23rd Virus Bulletin International Conference
+
|Oct 02-04<br>Berlin, Germany
+
|http://www.virusbtn.com/conference/vb2013/index
+
|-
+
|8th International Conference on Malicious and Unwanted Software
+
|Oct 22-24<br>Fajardo, Puerto Rico, USA
+
|http://www.malwareconference.org/index.php?option=com_frontpage&Itemid=1
+
|-
+
|16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
+
|Oct 23-25<br>St. Lucia
+
|http://www.raid2013.org/
+
|-
+
|5th International Workshop on Managing Insider Security Threats
+
|Oct 24-25<br>Busan, South Korea
+
|http://isyou.info/conf/mist13/index.htm
+
|-
+
|4th Annual Open Source Digital Forensics Conference (OSDF)
+
|Nov 04-05<br>Chantilly, VA
+
|http://www.basistech.com/about-us/events/open-source-forensics-conference/
+
|-
+
|Paraben Forensic Innovations Conference
+
|Nov 13-15<br>Salt Lake City, UT
+
|http://www.pfic-conference.com/
+
|-
+
|8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE)
+
|Nov 21-22<br>Hong Kong, China
+
|http://conf.ncku.edu.tw/sadfe/sadfe13/
+
|-
+
|Black Hat-Regional Summit
+
|Nov 26-27<br>Sao Paulo, Brazil
+
|https://www.blackhat.com/sp-13
+
|-
+
|29th Annual Computer Security Applications Conference (ACSAC)
+
|Dec 09-13<br>New Orleans, LA
+
|http://www.acsac.org
+
|-
+
|IFIP WG 11.9 International Conference on Digital Forensics
+
|Jan 08-10<br>Vienna, Austria
+
|http://www.ifip119.org/Conferences/
+
|-
+
|AAFS 66th Annual Scientific Meeting
+
|Feb 17-22<br>Seattle, WA
+
|http://www.aafs.org/aafs-66th-annual-scientific-meeting
+
|-
+
|21st Network & Distributed System Security Symposium
+
|Feb 23-26<br>San Diego, CA
+
|http://www.internetsociety.org/events/ndss-symposium-2014/
+
|-
+
|9th International Conference on Cyber Warfare and Security (ICCWS-2014)
+
|Mar 24-25<br>West Lafayette, IN
+
|http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
+
|-
+
|2014 IEEE Symposium on Security and Privacy
+
|May 16-23<br>Berkley, CA
+
|http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
+
|-
+
|Techno-Security and Forensics Conference
+
|Jun 01-04<br>Myrtle Beach, SC
+
|http://www.techsec.com/html/Security%20Conference%202014.html
+
|-
+
|Mobile Forensics World
+
|Jun 01-04<br>Myrtle Beach, SC
+
|http://www.techsec.com/html/MFC-2014-Spring.html
+
|-
+
|}
+
  
==See Also==
+
=== File formats ===
* [[Training Courses and Providers]]
+
<b>TODO expand this list</b>
==References==
+
 
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
+
* Apple System Log (ASL)
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
+
* Basic Security Module (BSM)
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
+
* Bencode files
 +
* [[Google Chrome|Chrome cache files]]
 +
* [[Extensible Storage Engine (ESE) Database File (EDB) format]] using [[libesedb]]
 +
* [[Internet Explorer History File Format]] (also known as MSIE 4 - 9 Cache Files or index.dat) using [[libmsiecf]]
 +
* Java IDX
 +
* [[OLE Compound File]] using [[libolecf]]
 +
* [[Property list (plist)|Property list (plist) format]] using [[binplist]]
 +
* SQLite databases
 +
* Syslog
 +
* [[Windows Event Log (EVT)]] using [[libevt]]
 +
* [[Windows NT Registry File (REGF)]] using [[libregf]]
 +
* [[LNK|Windows Shortcut File (LNK) format]] using [[liblnk]]
 +
* [[Windows XML Event Log (EVTX)]] using [[libevtx]]
 +
 
 +
=== Bencode file formats ===
 +
* Transmission
 +
* uTorrent
 +
 
 +
=== ESE database file formats ===
 +
* Internet Explorer WebCache format
 +
 
 +
=== OLE Compound File formats ===
 +
* Document summary information
 +
* Summary information (top-level only)
 +
 
 +
=== Property list (plist) formats ===
 +
<b>TODO expand this list</b>
 +
* Airport
 +
* Apple Account
 +
* iPod/iPhone
 +
* Install History
 +
* Mac User
 +
* Software Update
 +
* Spotlight
 +
* Spotlight Volume Information
 +
* Timemachine
 +
 
 +
=== SQLite database file formats ===
 +
* Android call logs
 +
* Android SMS
 +
* Chrome cookies
 +
* Chrome browsing and downloads history
 +
* Firefox browsing and downloads history
 +
* Google Drive
 +
* Launch services quarantine events
 +
* MacKeeper
 +
* Mac OS X document versions
 +
* Skype
 +
* Zeitgeist activity
 +
 
 +
=== Windows Registry formats ===
 +
<b>TODO expand this list</b>
 +
* AppCompatCache
 +
* CCleaner
 +
* MountPoints2
 +
* MSIE Zone
 +
* MSIE Zone Software
 +
 
 +
== History ==
 +
Plaso is a Python-based rewrite of the Perl-based [[log2timeline]] initially created by [[Kristinn Gudjonsson]]. Plaso builds upon the [[SleuthKit]], [[libyal]], [[dfvfs]] and various other projects.
 +
 
 +
== See Also ==
 +
* [[dfvfs]]
 +
* [[log2timeline]]
 +
 
 +
== External Links ==
 +
* [https://code.google.com/p/plaso/ Project site]
 +
* [https://sites.google.com/a/kiddaland.net/plaso/home Project documentation]
 +
* [http://blog.kiddaland.net/ Project blog]
 +
* [https://sites.google.com/a/kiddaland.net/plaso/usage/4n6time 4n6time]

Revision as of 03:39, 3 June 2014

plaso
Maintainer: Kristinn Gudjonsson, Joachim Metz
OS: Linux, Mac OS X, Windows
Genre: Analysis
License: APL
Website: code.google.com/p/plaso/

Plaso (plaso langar að safna öllu) is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline (and thus plaso) is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network equipment to produce a single correlated timeline. This timeline can then be easily analysed by forensic investigators/analysts, speeding up investigations by correlating the vast amount of information found on an average computer system. Plaso is intended to be applied for creating super timelines but also supports creating targeted timelines.

The Plaso project site also provides 4n6time, formerly "l2t_Review", which is a cross-platform forensic tool for timeline creation and review by David Nides.

Supported Formats

Storage Media Image File Formats

Storage Medis Image File Format support is provided by dfvfs.

Volume System Formats

Volume System Format support is provided by dfvfs.

File System Formats

File System Format support is provided by dfvfs.

File formats

TODO expand this list

Bencode file formats

  • Transmission
  • uTorrent

ESE database file formats

  • Internet Explorer WebCache format

OLE Compound File formats

  • Document summary information
  • Summary information (top-level only)

Property list (plist) formats

TODO expand this list

  • Airport
  • Apple Account
  • iPod/iPhone
  • Install History
  • Mac User
  • Software Update
  • Spotlight
  • Spotlight Volume Information
  • Timemachine

SQLite database file formats

  • Android call logs
  • Android SMS
  • Chrome cookies
  • Chrome browsing and downloads history
  • Firefox browsing and downloads history
  • Google Drive
  • Launch services quarantine events
  • MacKeeper
  • Mac OS X document versions
  • Skype
  • Zeitgeist activity

Windows Registry formats

TODO expand this list

  • AppCompatCache
  • CCleaner
  • MountPoints2
  • MSIE Zone
  • MSIE Zone Software

History

Plaso is a Python-based rewrite of the Perl-based log2timeline initially created by Kristinn Gudjonsson. Plaso builds upon the SleuthKit, libyal, dfvfs and various other projects.

See Also

External Links