I need some kind of timeline tool. (Windows)

12 Posts
9 Users
0 Likes
2,050 Views
(@ryanham)
Posts: 3
New Member
Topic starter
 

Hello all,

I am new and this is my first post.

I'm just wondering what software analyzes Windows artifacts correctly and many things by timeline.

I know there are many products, as we can see in the vendors' product ads on the right. But I need parsed data of Windows artifacts by timeline.

I've used EnCase, FTK and AXIOM before, but for me they are not useful for analyzing user activity by timeline (such as cloud, SNS, e-mail, shellbags, NTFS [logfile, usnjrnl], jump lists and prefetch (Win10) on Windows).

Could you show me what software suits me?

Thank you all.

 
Posted : 08/04/2018 3:09 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

Checking our timeline analysis based cases from the past I can tell that we got the best results with Belkasoft Evidence Center for this purpose. It's not advertising, it's a fact.

 
Posted : 08/04/2018 8:05 pm
(@ryanham)
Posts: 3
New Member
Topic starter
 

Thank you for the comments, both of you!

Some foreign software is not useful for handling Korean and Korean OS.

Is there anything else more suitable for Korean circumstances?

If a Korean product is even better, which one is good?

I'm seriously considering buying such a thing, please give me a light!

Thank you all and God bless you,

 
Posted : 09/04/2018 7:33 am
(@plashcary)
Posts: 2
New Member
 

You can see and find what you described on this site, where it can be downloaded:

www.keychain.co.kr/keysapce

It is automatic analysis software for Windows artifacts such as system, internet, document metadata, cloud, filesystem metadata, account information, event log and document indexing.

All of these things are sorted by timeline.

 
Posted : 10/04/2018 3:57 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

I've been assisting with an IR recently, using the tools and techniques described in ch 7 of WFA 4/e, to great effect.

 
Posted : 10/04/2018 3:55 pm
(@ryanham)
Posts: 3
New Member
Topic starter
 

Great! That is what I want!!!

In my opinion, keyspace is more convenient than the others, but it needs to be more stable.

Anyway, thanks to everybody.

Best regards,

 
Posted : 11/04/2018 7:08 am
steve862
(@steve862)
Posts: 194
Estimable Member
 

Hi,

If it hasn't already been mentioned, it is worth remembering that times and dates on digital devices can be unreliable.

Steve

 
Posted : 11/04/2018 4:03 pm
(@cmontiel05)
Posts: 3
New Member
 

Hi Ryanham,

Just came across this old post and I'm unsure if you found the solution needed or not. I have used a program called W4 from Vound. This has a really good way of showing the artifacts in a timeline type view. They call it the Events view. It also allows you to add notes to describe each artifact, and it can all be exported into a report.

 
Posted : 29/10/2019 6:37 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Hi Ryanham,

Just came across this old post and I'm unsure if you found the solution needed or not. I have used a program called W4 from Vound. This has a really good way of showing the artifacts in a timeline type view. They call it the Events view. It also allows you to add notes to describe each artifact, and it can all be exported into a report.

Maybe - just maybe - it would be appropriate that you disclose that you are connected to Vound (IF you are connected to them), possibly adding in your signature such info (from your profile)

Web Site http//Vound-Software
Occupation I.T - Technical Support Engineer

Otherwise there is the risk that your posts, seemingly "detached"

I have used a program called W4 from Vound.

They call it the Events view.

appear like astroturfing (https://en.wikipedia.org/wiki/Astroturfing)

jaclaz

 
Posted : 31/10/2019 9:25 am
(@eugenebelk)
Posts: 16
Active Member
 

Here is a detailed guide covering the corresponding capabilities of Belkasoft Evidence Center https://belkasoft.com/windows-10-timeline-analysis

 
Posted : 05/11/2019 12:47 pm