Introducing Plaso


Timeline analysis offers the ability to look at an entire case as a sequential list of events. The Senator Patrick Leahy Center for Digital Investigation (LCDI) has focused a number of research projects on timeline analysis. This past summer, the LCDI researched the tools associated with timeline creation (insert blog link here) and their specific features. Log2Timeline, written by Kristinn Gudjonsson, has received a lot of praise in the digital forensics community. Recently, Kristinn has moved on to a new project named Plaso.

Plaso is a rework of the Log2Timeline framework that carries many new improvements and features. It is a Python rewrite of the framework Log2Timeline runs on: it operates in the same manner, but with a larger framework standing behind it and many new pre- and post-processing features.

Figure – Plaso’s new post-processing feature allows raw timeline data to be parsed into a variety of file types.


In this project, we will be testing this new framework across several different platforms, using the previous version of Log2Timeline as a control. We will be evaluating the ease of use, functionality, and versatility of Plaso in comparison to the previous version of Log2Timeline. Stay tuned as we post more about the abilities of this tool throughout the semester!

-Chapin Bryce and Nick Aspinwall