log2timeline
I haven’t had time to publish a blog post for a while, but I wanted to let people know about a new tool I just wrote (still a beta release): log2timeline.
It is a collection of Perl scripts (with one front-end) that parse different log files and artifacts (mostly Windows artifacts for now) and write them out as a body file, which can then be turned into a timeline with tools such as mactime (from The Sleuth Kit, TSK).
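To make the body-file step concrete, here is a small converter added for this page; it is illustrative Python, not log2timeline's own (Perl) code. It parses a constructed text log into records in the TSK bodyfile layout that `mactime -b` reads, skips lines it cannot parse, strips the `|` field delimiter out of messages so a record cannot be split in the wrong place, and sorts the result the way mactime will. The log line format, the UTC time zone, the file name and the decision to put the single event time into all four timestamp fields are assumptions made for the example.

```python
"""Added example: turn log lines into TSK bodyfile records for mactime.

Illustrative code written for this page, not log2timeline's own (which is
Perl). The record layout is the TSK 3.x bodyfile format that `mactime -b`
reads:

    MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime

with the four timestamps as Unix epoch seconds.
"""
import re
from datetime import datetime, timezone

# Constructed sample input (assumption: a plain-text log whose lines look
# like "YYYY-MM-DD HH:MM:SS <source>: <message>", with timestamps in UTC).
SAMPLE_LOG = """\
2009-06-01 14:03:22 Security: User jdoe logged on from 10.0.0.5
2009-06-01 14:05:10 Application: Service foo|bar started
garbage line that no parser should choke on
2009-06-01 13:59:58 Security: Audit policy changed
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+): (.*)$")


def parse_line(line):
    """Return (epoch_seconds, source, message), or None if the line does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts, source, message = m.groups()
    # Assumption for the example: the log was written in UTC. A real parser
    # must know the host's time zone, or every event lands at the wrong time.
    dt = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp()), source, message


def to_bodyfile(text, filename="constructed.log"):
    """Convert log text to a list of bodyfile records; unparsable lines are skipped."""
    records = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        epoch, source, message = parsed
        # '|' is the field delimiter, so it must not survive inside the name
        # field or mactime will misread the record.
        name = f"[{source}] {message} ({filename})".replace("|", "_")
        # A log event has one time, so it is written into all four MACB slots;
        # MD5, inode, mode, UID, GID and size have no meaning here and are 0.
        records.append(f"0|{name}|0|0|0|0|0|{epoch}|{epoch}|{epoch}|{epoch}")
    return records


def mtime_of(record):
    """Epoch seconds of a bodyfile record's mtime field (index 8)."""
    return int(record.split("|")[8])


def in_time_order(records):
    """Order records chronologically, which is what mactime does with the body file."""
    return sorted(records, key=mtime_of)


if __name__ == "__main__":
    for rec in in_time_order(to_bodyfile(SAMPLE_LOG)):
        print(rec)
```

Write the printed records to a file (for example `body.txt`) and run `mactime -b body.txt -d` to get a comma-separated timeline; the third sample line never reaches the body file, and the 13:59:58 event, although it appears last in the log, is the first event mactime shows.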
The tool’s web site is log2timeline.net, where you can download the tool and read the man page. The site is quite rough and not very pretty, but it does what it is supposed to do. I will start publishing posts here showing how the tool can be used to help investigators build a more accurate timeline of events, but for now I will just post the link and let you test it out. The man page and the README file explain the current functionality as well as future plans for the tool.