In this episode, we'll take an in-depth look at how to install and use Plaso/Log2Timeline to create a super timeline of events on a computer system. This is made possible by the automatic parsing of numerous forensic artifacts alongside the extraction of their associated timestamps. The result can be an investigator's dream, providing a single place to look to "find evil" and potentially solve a case. The process isn't without its caveats, but don't worry - we'll cover everything you need to know to get started!
** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. **
📖 Chapters
00:00 - Intro
03:55 - Installing Plaso/Log2Timeline
05:41 - Using log2timeline.py
19:49 - Using pinfo.py
22:02 - Using psort.py
27:51 - Using psteal.py
30:25 - Reviewing Results in Timeline Explorer
36:53 - Recap
🛠 Resources
Plaso Documentation:
https://plaso.readthedocs.io/en/latest
Installing Plaso on Ubuntu:
https://plaso.readthedocs.io/en/lates...
AboutDFIR's Timeline Explorer Guide:
https://aboutdfir.com/toolsandartifac...
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
Video: Getting Started with Plaso and Log2Timeline - Forensic Timeline Creation. Added by 13Cubed on 08 September 2020.