NBTempoX – Timelines Forensic Tool

NBTempoX is a GNU-Linux X86-64bit forensic tool for making timelines (in CSV format) from block devices image files (raw, ewf,physicaldrive, etc.)

NBTempoX - Timelines Forensic Tool
NBTempoX – Timelines Forensic Tool

The tool will use TSK (The Sleuthkit https://www.sleuthkit.org/) and it is developed in Delphi compatible cross-platform IDE. in the general setup user may select the following options:

  • Generate PDF Report
  • Calculate Time Line Hash (MD5)
  • Use “Timeline” instead of “TL” prefix in CSV output file name
  • Use examiner name in CSV output file name
  • Use case name in CSV output file name
  • Use <Imagename> in CSV output file name

User may choose image file (raw or EWF) also the multiple image file name can be given if the image split into several segment.

The tool can be used during Incident response and you can find it included with Caine Forensics distribution.  You can read more and download this tool over here: https://github.com/esperti/nbtempox

Share