As a continuation of the “Introduction to Windows Forensics” series by Richard Davis, this video introduces Plaso and Log2Timeline. Log2Timeline is designed to extract forensic data from a computer system and aggregate it for analysis, and Plaso is the Python-based backend engine that powers the tool.

You’ll take a look at the major changes in Plaso Heimdall (20170930), and see the minor changes incorporated in version 20171118. Then, you’ll jump over to a Linux system and create a timeline for a Windows 10 image. Lastly, you’ll analyze the resulting Excel spreadsheet created by the tool and look at the wealth of information available to an examiner. If you’re new to forensic timelines, and/or are curious about Plaso Heimdall, you’ll quickly learn why the “super timelines” created by these tools are a critical asset to modern-day forensics.
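As an added example (not from the video or the Plaso project), here is a small Python parser for the l2tcsv export that psort.py can write instead of the Excel sheet shown in the video; the sample rows are constructed, and the column layout assumes psort's l2tcsv output format (date,time,timezone,MACB,source,sourcetype,...). It pulls the events inside a time window and expands the MACB column, which is the first pass an examiner makes over a super timeline.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timezone

# Constructed sample of a psort l2tcsv export (header plus four rows); not real case data.
SAMPLE_L2TCSV = """\
date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,version,filename,inode,notes,format,extra
11/20/2017,14:02:10,UTC,..C.,LOG,WinEVTX,Content Modification Time,-,WIN10-LAB,[4624 / 0x1210] Logon success,Logon success,2,TSK:/Windows/System32/winevt/Logs/Security.evtx,12345,-,winevtx,-
11/20/2017,14:02:41,UTC,M...,FILE,NTFS USN change,Modification Time,-,WIN10-LAB,tool.exe,Updated USN,2,TSK:/Users/lab/Downloads/tool.exe,67890,-,usnjrnl,-
11/20/2017,14:03:05,UTC,...B,REG,Registry Key: UserAssist,Creation Time,lab,WIN10-LAB,tool.exe,UserAssist entry,2,TSK:/Users/lab/NTUSER.DAT,2222,-,winreg/userassist,-
11/21/2017,09:15:00,UTC,.A..,FILE,NTFS FILE_STAT,Last Access Time,-,WIN10-LAB,notes.txt,-,2,TSK:/Users/lab/notes.txt,3333,-,filestat,-
"""


def parse_l2tcsv(text):
    """Parse l2tcsv rows; date + time + timezone become one aware datetime in e['ts']."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["timezone"] != "UTC":  # the sample is normalised to UTC; other zones are rejected
            raise ValueError(f"unexpected timezone {row['timezone']!r}")
        ts = datetime.strptime(f"{row['date']} {row['time']}", "%m/%d/%Y %H:%M:%S")
        row["ts"] = ts.replace(tzinfo=timezone.utc)
        events.append(row)
    return events


def window(events, start_iso, end_iso):
    """Return events whose timestamp falls in [start, end]; ISO-8601 strings, UTC assumed."""
    start = datetime.fromisoformat(start_iso).replace(tzinfo=timezone.utc)
    end = datetime.fromisoformat(end_iso).replace(tzinfo=timezone.utc)
    return [e for e in events if start <= e["ts"] <= end]


def count_by_sourcetype(events):
    """How many events each artefact type contributed (a quick sanity check on parser coverage)."""
    return Counter(e["sourcetype"] for e in events)


def macb_flags(event):
    """Expand the MACB column (e.g. '..C.') into the set of timestamp types it marks."""
    return {name for ch, name in zip(event["MACB"], "MACB") if ch != "."}


if __name__ == "__main__":
    evs = parse_l2tcsv(SAMPLE_L2TCSV)
    for e in window(evs, "2017-11-20T14:00:00", "2017-11-20T14:05:00"):
        print(e["ts"].isoformat(), sorted(macb_flags(e)), e["sourcetype"], e["filename"])
```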
