Tag Archives: Chapin Bryce

Introducing Plaso

Timeline analysis offers the ability to look at an entire case as a sequential list. The Senator Patrick Leahy Center for Digital Investigation (LCDI) has focused a number of research projects on timeline analysis. This past summer, the LCDI researched the tools associated with timeline creation and their specific features. Log2Timeline, written by Kristinn Gudjonsson, has received a lot of praise in the digital forensics community. Recently, Kristinn has ventured into a new project named Plaso.

Blogging from the GMU 2013 Computer Crime & Digital Forensics Training

Chapin Bryce, one of our interns, has gone to the GMU 2013 Computer Crime & Digital Forensics Training conference for the week. While he is there, he will be blogging about the different presentations he has the pleasure of sitting in on. For more information about the conference, visit their site: http://www.rcfg.org/gmu/

Painting a Timeline with EnCase

It has been busy at the LCDI, and we have been focusing on the timeline feature in EnCase and Forensic Tool Kit. Since we have already looked into Log2Timeline, it is hard to compare it with these other tools, which are not as focused on timeline creation as the task-specific open source tool is. With that said, here are our findings on the timeline capabilities of EnCase and Forensic Tool Kit.

EnScripted Timelines

This week the timelines project has shifted from the popular Log2Timeline framework to look into options for timeline creation in other forensic tools. With a focus on EnCase for this stage of the project, the timeline features of EnCase 6.19 and EnCase 7 will be under evaluation for comparison. In addition to the bundled EnCase timeline creation features, we will also be evaluating an EnScript known for its timeline creation ability, Geoff Black’s Timeline Report v1.8.1.

Closer Look at Log2Timeline

Log2Timeline is an open source tool developed by Kristinn Gudjonsson that creates timelines for digital forensic examination. Because it runs cross-platform, it has become increasingly popular and is bundled with open source forensic tools. The forensic distributions SIFT and TAPEWORM come with Log2Timeline preinstalled and set as a primary tool on their systems. SIFT has a branched version of Log2Timeline that automates the creation of a supertimeline from the command line, while TAPEWORM uses Log2Timeline but wraps it in a custom graphical interface that simplifies the command for the end user. In addition to Linux distributions, Log2Timeline also runs on Microsoft Windows via the command line.