Hi...new to the site and hope this is an appropriate forum for this post...
For the DFIR folks here or those that like to collect data dumps: What tools & process do you use for organizing, examining, quantifying, etc. the data (typically in CSV format)?
If the answer is Excel, that's fine though please share specifics. Trying to help an org that found a bunch of their stuff online and there is a lot to sort through and trying to estimate scope of impact and such. Thanks in advance.
Check out Eric Zimmerman's Timeline Explorer
Hi!
(I am representing the company but will try to be objective, I hope that is ok, there is a free trial for you to judge yourself)
Â
Paliscope YOSE. https://www.paliscope.com/products/yose/ was built for the purpose of getting a dump of data, make everything searchable, regardless of file format, and extract textual and visual intelligence using NLP and visual "AI tech".
You can search for anything in the material or browse through the extracted intelligence in the "Intelligence Center" and from there get to the source/file where the intelligence was extracted from.
The latest version will auto-detect the content in columns of CSV files and associate the content to different entities which makes it possible to build link graphs and run trace-analytics etc over the content.
Â
There is a free trial or ping me a message if you (or anyone reading this post) want to try it out.
Â
Best
Christian Berg
