Notifications
Clear all

Windows 10 Timeline

16 Posts
7 Users
0 Likes
2,976 Views
LeGioN
(@legion)
Posts: 51
Trusted Member
Topic starter
 

I could not see any posts here about the new Windows 10 update with the Timeline-function.. But I was curious to hear if anyone has any experience/thoughts about it? )

https://www.digitaltrends.com/computing/windows-10-timeline-hands-on/

Where would one find this information on the computer I wonder? )

 
Posted : 06/04/2018 10:35 am
(@tootypeg)
Posts: 173
Estimable Member
 

hmmm, this interests me. Alot!

 
Posted : 06/04/2018 1:07 pm
LeGioN
(@legion)
Posts: 51
Trusted Member
Topic starter
 

hmmm, this interests me. Alot!

Glad I am not the only one that finds this fascinating D
Seems to me that there is possible goldmine of information right there..
Would love to test myself, but the update is being rolled out on Tuesday and I am unfortunately away doing a training course next week. @

 
Posted : 06/04/2018 1:27 pm
(@tootypeg)
Posts: 173
Estimable Member
 

im going to be all over this lol lol

 
Posted : 06/04/2018 1:56 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

Thank you for alerting the forum to this new development.

In my civil practice, the attorneys I am working for ideally want a single document review database tool that can make a timeline out of not only email based activity, but text messages, phone calls, etc.

In ediscovery, a common challenge is defining a "master date sort" database field by which all evidence included in a particular discovery database such as Relativity (www.relativity.com) can be sorted chronologically.

Emails have Sent Date/Received Date dates
Word files have Created Date/Last Accessed Date/Last Modified Date date values

So, the question is, what metadata date values is Microsoft using to generate their new Timeline feature???

For application usage, I believe metadata dates would be stored and culled from the Windows Registry.

Tools such as NUIX will process electronic discovery, meaning create a searchable index of electronic native files.

However, NUIX, nor any other tool I am familiar with, will automatically generate a "Master Date Sort Field" culled from all of the types of evidence ingested into a given Nuix database.

Our practice is to use a script to copy the desired metadata date values from each given database record Nuix has generated (such as pulling the Sent date or Received date from emails and pulling the Last Modified date from loose Office type files (Word/Excel/PDF/PPT/etc)) and then combining the desired metadata date values into a custom "Master Date Sort Field" which is then incorporated into the Relativity native review load files we export from NUIX.

To see Relativity native review load file metadata fields Page 5 Addendum A here https://www.sec.gov/divisions/enforce/datadeliverystandards.pdf

You will see on the SEC's excellent load file specification, there is no "Master Date Sort Field" because, from my experience, neither forensic nor ediscovery tools automatically generate a "Master Date Sort Field".

 
Posted : 06/04/2018 5:30 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Tools such as NUIX will process electronic discovery, meaning create a searchable index of electronic native files.

However, NUIX, nor any other tool I am familiar with, will automatically generate a "Master Date Sort Field" culled from all of the types of evidence ingested into a given Nuix database.

Have you contacted your SC or sales rep? It's possible that the functionality is there (I'm assuming that as you've mentioned ediscovery that you're using WRA, not Workbench), or that it can be easily scripted.

HTH

 
Posted : 06/04/2018 8:41 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

Definitely one can create a script in NUIX to create a custom "Master Date Sort" field to be included in Relativity load file exports.

However, my point is that one's choice of which metadata fields to include in a "Master Date Sort" field seems to be subjective and requiring expert consultation (do we include email sent date or email received date? do we include Last Modified / Last Accessed or Date Created for Office type files? What specific date values does one include for execution of applications?

Our practice has chosen fields and made a script to create a "Master Date Sort" field for our exports, but I am curious how the Microsoft developers created the new Windows Timeline feature.

To create a timeline, one must have date values, which can be culled from the Windows registry and other locations such as date and time stamps pulled from Skype's main.db contained in an iOS mobile backup).

Hopefully this addresses the original poster's question, "Where would one find this information on the computer I wonder?"

 
Posted : 07/04/2018 5:22 pm
(@tootypeg)
Posts: 173
Estimable Member
 

is this feature currently available then or is Tuesday (as u mentioned) the first we will see of this? I don't have access to a win10 machine yet to validate but after some googling - has this be available for a good while?

 
Posted : 07/04/2018 8:40 pm
LeGioN
(@legion)
Posts: 51
Trusted Member
Topic starter
 

A bit delayed.. But the timeline update is finally out )

https://www.pcworld.com/article/3263905/windows/windows-10-how-to-use-timeline.html

 
Posted : 02/05/2018 6:10 am
pr3cur50r
(@pr3cur50r)
Posts: 28
Eminent Member
 

I had a very quick poke around this weekend

https://salt4n6.wordpress.com/2018/05/05/windows-10-timeline-forensic-artefacts/

 
Posted : 06/05/2018 11:13 am
Page 1 / 2
Share: