I need some kind of timeline tool. (Windows)  

ryanham
(@ryanham)
New Member

Hello all,

I am new and this is my first post.

I'm just wondering what software analyzes Windows artifacts correctly and arranges many things by timeline.

I know there are many products, as we can see in the vendors' product ads on the right. But I need parsed data of Windows artifacts by timeline.

I've used EnCase, FTK and AXIOM before, but they are not useful to me for analyzing user activity by timeline (such as cloud, SNS, e-mail, shellbags, NTFS [logfile, usnjrnl], jump lists and prefetch (Win10) on Windows).

Could you show me what software would suit me?

Thank you all.

Posted : 08/04/2018 4:09 pm
passcodeunlock
(@passcodeunlock)
Senior Member

Checking our timeline-analysis-based cases from the past, I can tell that we got the best results with Belkasoft Evidence Center for this purpose. It's not advertising, it's a fact.

Posted : 08/04/2018 9:05 pm
ryanham
(@ryanham)
New Member

Thank you for the comments, the two of you!

Some foreign software is not useful for handling Korean and Korean OSes.

Is there anything else more suitable for Korean circumstances?

If a Korean product is even better, which one is good?

I'm seriously considering buying those things, please give me a light!

Thank you all and God bless you,

Posted : 09/04/2018 8:33 am
plashcary
(@plashcary)
New Member

You can see and find what you described on this site, available to download:

www.keychain.co.kr/keysapce

It is automatic analysis software for Windows artifacts such as system, internet, document metadata, cloud, filesystem metadata, account information, event log and document indexing.

All of these things are sorted by timeline.

Posted : 10/04/2018 4:57 am
keydet89
(@keydet89)
Community Legend

I've been assisting with an IR recently, using the tools and techniques described in ch 7 of WFA 4/e, to great effect.

Posted : 10/04/2018 4:55 pm
ryanham
(@ryanham)
New Member

Great! That is what I want!!!

In my opinion, keyspace is more convenient than the others, but it needs to be more stable.

Anyway, thanks to everybody.

Best regards,

Posted : 11/04/2018 8:08 am
steve862
(@steve862)
Active Member

Hi,

If it hasn't already been mentioned, it is worth remembering that times and dates on digital devices can be unreliable.

Steve

Posted : 11/04/2018 5:03 pm
cmontiel05
(@cmontiel05)
New Member

Hi Ryanham,

Just came across this old post and I'm unsure if you found the solution needed or not. I have used a program called W4 from Vound. This has a really good way of showing the artifacts in a timeline-type view. They call it the Events view. It also allows you to add notes to describe each artifact, and it can all be exported into a report.

Posted : 29/10/2019 6:37 pm
jaclaz
(@jaclaz)
Community Legend

Hi Ryanham,

Just came across this old post and I'm unsure if you found the solution needed or not. I have used a program called W4 from Vound. This has a really good way of showing the artifacts in a timeline-type view. They call it the Events view. It also allows you to add notes to describe each artifact, and it can all be exported into a report.

Maybe - just maybe - it would be appropriate that you disclose that you are connected to Vound (IF you are connected to them), possibly adding in your signature such info (from your profile):

Web Site http//Vound-Software
Occupation I.T - Technical Support Engineer

Otherwise there is the risk that your posts, seemingly "detached"

I have used a program called W4 from Vound.

They call it the Events view.

appear like astroturfing (https://en.wikipedia.org/wiki/Astroturfing)

jaclaz

Posted : 31/10/2019 9:25 am
EugeneBelk
(@eugenebelk)
New Member

Here is a detailed guide covering the corresponding capabilities of Belkasoft Evidence Center https://belkasoft.com/windows-10-timeline-analysis

Posted : 05/11/2019 12:47 pm
jaclaz
(@jaclaz)
Community Legend

Here is a detailed guide covering the corresponding capabilities of Belkasoft Evidence Center https://belkasoft.com/windows-10-timeline-analysis

And - to be fair - some info from EugeneBelk's profile:
https://www.forensicfocus.com/Your_Account/profile=EugeneBelk/

Web Site https://belkasoft.com
Occupation Marketing Manager

jaclaz

Posted : 05/11/2019 2:15 pm
kastajamah
(@kastajamah)
Member

This looks like a decent program. I have not used this product, but I have used Vound's Intella for email analysis. I have been very happy with it.

https://www.vound-software.com/w4

Posted : 06/11/2019 4:06 pm