Links and thoughts

I haven’t put any new content on the site for a while, but I recently posted two new blogs on the SANS forensic blog and instead of re-posting them here, I’m just going to link to them. The first one is an introduction to log2timeline and a hypothetical case that we are going to solve using log2timeline. The second part deals with the usage of log2timeline and the subsequent analysis of the hypothetical case.

I’ve also started to write a GIAC gold paper about log2timeline and timeline analysis, which will probably mean fewer blog posts here for a while, or more timeline-related posts in the near future.

What I’m working on now is to create a GUI for log2timeline, just a small one for those that prefer to point-and-click instead of using the CLI. And I would also like to create another GUI, which would be a visual representation of the timeline. This is a very difficult subject, since there really isn’t any easy way to represent a timeline in a visual format that would suit all types of investigation; the entries that really matter are often in the form of a single entry, buried among thousands of irrelevant lines. So my original thought would simply be to create a GUI that represents the timeline in a list form, and then provide a mechanism to filter out irrelevant entries, but I wanted to know if someone else out there has any ideas on how they would like to represent them visually. Please comment on this post if you have any thoughts on the subject.