How To Speed Up Your Investigation With Enriched Timeline Capabilities

Welcome to Binalyze AIR Feature Highlights. My name is Emre Tinaztepe, and today I will demonstrate the timeline feature of Binalyze AIR and the CSV import feature for further enrichment of this timeline.

You can name many solutions that can create a timeline, from traditional forensic solutions to open source command-line utilities. These are all great, but when you need to create a timeline as quickly as possible, you need something much faster and easier to use. That was the motivation behind creating the Timeline feature in AIR.

Before demonstrating the enrichment with the CSV file, let’s first create a new timeline.


We will provide a unique name for this investigation and select a time zone, so that all events AIR collects from these endpoints are aligned and normalized to the selected time zone. In the following step, we will choose the endpoints that we want to extract events from, and click on “Create.”

By clicking “Create,” you immediately assign a task to these endpoints to collect all relevant events and import them into a unified timeline. In around three to five minutes, the entire timeline will appear in your AIR dashboard.



The great thing about the timeline feature is that it is collaborative, so multiple investigators can work on the same timeline simultaneously. Whenever they flag an event, it will be immediately visible to the other investigators.

All flagged events will appear in the flag section, which proves handy in the reporting phase.

CSV Import

Suppose you would like to enrich this timeline further by adding other endpoints. You can do that easily by clicking on the “Endpoint” button and selecting the endpoints you need from the available list.


With the latest AIR version, we have extended this capability by adding support for custom CSV files. So now, we will enrich this timeline by using this new capability.


We will add a CSV file and import all the events from the file into the timeline in just four steps. For demonstration purposes, we will be using an MFT.

In the first stage, AIR shows a preview of the file format. So, when you click “Next,” you need to provide a mapping from the CSV columns to the timeline event properties. In the third step, optionally, you can filter your data by importing all records, by date, or by the number of records. Finally, you will see a preview of how the events will look when you import them into your timeline.

Once you click on “Import,” it will start processing the CSV file. As soon as you complete importing the file, you can simply click on “Go to timeline,” and it will bring you to the enriched timeline to start investigating.
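The import steps described above (column mapping, optional date or record-count filter, alignment to the timeline's time zone) can be sketched outside the product as follows. This is an added example, not Binalyze code: the column names, the event fields `timestamp`, `description` and `source`, the UTC+3 time zone and the sample rows are all assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the style of a parsed-MFT CSV export (not real case data).
SAMPLE_CSV = """entry,path,created_utc,modified_utc
41,Users/bob/Downloads/setup.exe,2024-03-01 09:15:02,2024-03-01 09:15:02
42,Users/bob/Documents/notes.txt,2024-02-10 18:00:00,2024-03-02 07:30:45
43,Users/bob/Documents/report.docx,not-a-date,2024-03-03 23:59:59
"""

def import_csv(text, mapping, target_tz, since=None, limit=None):
    """Return (events, rejected_line_numbers) for a CSV whose timestamps are UTC."""
    reader = csv.DictReader(io.StringIO(text))
    # A mapping that names a column the file lacks is an operator error: fail early.
    missing = [c for c in mapping.values() if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"mapped columns not in CSV header: {missing}")
    events, rejected = [], []
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        if limit is not None and len(events) >= limit:
            break  # "number of records" filter: first N importable rows in file order
        try:
            ts = datetime.strptime(row[mapping["timestamp"]], "%Y-%m-%d %H:%M:%S")
        except (TypeError, ValueError):
            rejected.append(line_no)  # report unparseable rows, never drop them silently
            continue
        # Normalize to the time zone chosen for the timeline.
        ts = ts.replace(tzinfo=timezone.utc).astimezone(target_tz)
        if since is not None and ts < since:
            continue  # "by date" filter
        events.append({"timestamp": ts, "description": row[mapping["description"]],
                       "source": "csv-import"})
    events.sort(key=lambda e: e["timestamp"])
    return events, rejected

if __name__ == "__main__":
    tz = timezone(timedelta(hours=3))  # assumed timeline time zone (UTC+3)
    mapping = {"timestamp": "created_utc", "description": "path"}  # hypothetical mapping
    events, rejected = import_csv(SAMPLE_CSV, mapping, tz)
    for e in events:
        print(e["timestamp"].isoformat(), e["description"])
    print("rejected CSV lines:", rejected)
```

Keeping the list of rejected line numbers matters for reporting: an investigator can state exactly which source records did not make it onto the timeline and why.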

That was all for today. I hope you enjoyed it.

You can try the enriched Timeline feature here.
