Tag Archives: Log2Timeline

Introducing Plaso


Timeline analysis offers the ability to look at an entire case as a sequential list. The Senator Patrick Leahy Center for Digital Investigation (LCDI) has focused a number of research projects on timeline analysis. This past summer, the LCDI researched the tools associated with timeline creation (insert blog link here) and their specific features. Log2Timeline, written by Kristinn Gudjonsson, has received a lot of praise in the digital forensics community. Recently, Kristinn has moved on to a new project named Plaso.

Closer Look at Log2Timeline

Log2Timeline is an open source tool developed by Kristinn Gudjonsson for creating timelines for digital forensic examination. Because it runs across platforms, it has become increasingly popular and is bundled with open source forensic tools. The forensic distributions SIFT and TAPEWORM come with Log2Timeline preinstalled and set as a primary tool on their systems. SIFT has a branched version of Log2Timeline that automates the creation of a supertimeline from the command line, while TAPEWORM uses Log2Timeline but wraps it in a custom graphical interface that simplifies the command for the end user. In addition to Linux distributions, Log2Timeline also runs on Microsoft Windows via the command line.