In this episode, we'll take an in-depth look at how to install and use Plaso/Log2Timeline to create a super timeline of events on a computer system. This is made possible by the automatic parsing of numerous forensic artifacts alongside the extraction of their associated timestamps. The result can be an investigator's dream, providing a single place to look to "find evil" and potentially solve a case. The process isn't without its caveats, but don't worry - we'll cover everything you need to know to get started!
📖 Chapters
00:00 - Intro
03:55 - Installing Plaso/Log2Timeline
05:41 - Using log2timeline.py
19:49 - Using pinfo.py
22:02 - Using psort.py
27:51 - Using psteal.py
30:25 - Reviewing Results in Timeline Explorer
36:53 - Recap
🛠 Resources
Plaso Documentation: [ Link ]
Installing Plaso on Ubuntu: [ Link ]
AboutDFIR's Timeline Explorer Guide: [ Link ]
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
![](https://i.ytimg.com/vi/sAvyRwOmE10/maxresdefault.jpg)