I need some kind of timeline tool. (Windows)

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.

Posted: Sun Apr 08, 2018 9:09 am

Hello all,

I am new, and this is my first post.

I'm just wondering what software analyzes Windows artifacts correctly, and many other things, by timeline.

I know there are many products, as we can see in the vendors' product ads on the right. But I need parsed data of Windows artifacts by timeline.

I've used EnCase, FTK and AXIOM before; for me, they are not useful for analyzing user activity by timeline (such as Cloud, SNS, E-mail, Shellbag, NTFS [logfile, usnjrnl], jumplist and prefetch (Win10) of Windows).

Could you show me what software would suit me?

Thank you all.  

ryanham
Newbie
 
 
  

Re: I need some kind of timeline tool. (Windows)

Posted: Sun Apr 08, 2018 9:45 am

You can try:
log2timeline/plaso: github.com/log2timeline/plaso/wiki
autopsy: www.autopsy.com
Forensic explorer: www.forensicexplorer.c...wnload.php
Artifast: forensafe.com/down/
Belkasoft EC: belkasoft.com

as alternatives.
_________________
"Simplicity is the ultimate sophistication." 

calimelo
Senior Member
 
 
  

Re: I need some kind of timeline tool. (Windows)

Posted: Sun Apr 08, 2018 2:05 pm

Checking our timeline analysis based cases from the past I can tell that we got the best results with Belkasoft Evidence Center for this purpose. It's not advertising, it's a fact.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 

passcodeunlock
Senior Member
 
 
  

Re: I need some kind of timeline tool. (Windows)

Posted: Mon Apr 09, 2018 1:33 am

Thank you for the comments, both of you!

Some foreign software is not useful for handling Korean and Korean OSes.

Is there anything else more suitable for Korean circumstances?

If a Korean product is even better, which one is good?

I'm seriously considering buying those things; please shed some light!


Thank you all and God bless you,  

ryanham
Newbie
 
 
  

Re: I need some kind of timeline tool. (Windows)

Posted: Mon Apr 09, 2018 9:57 pm

You can see and find what you described on the download site:

www.keychain.co.kr/keysapce

It is automatic analysis software for Windows artifacts such as system, internet, document metadata, cloud, filesystem metadata, account information, event logs and document indexing.

Everything is sorted by timeline.

plashcary
Newbie
 
 
  

Re: I need some kind of timeline tool. (Windows)

Posted: Tue Apr 10, 2018 9:55 am

I've been assisting with an IR recently, using the tools and techniques described in ch 7 of WFA 4/e, to great effect.  

keydet89
Senior Member
 
 
  

Re: I need some kind of timeline tool. (Windows)

Posted: Wed Apr 11, 2018 1:08 am

Great! That is what I want!!!

In my opinion, keyspace is more convenient than the others, but it needs to be more stable.

Anyway, thanks to everybody.


Best regards,

ryanham
Newbie
 
 
