Plaso – super timeline all the things


Forensics is becoming extremely important for any organization. Some of the tasks that should be done after detecting an incident are to understand how the attack was carried out, recover the hacking scripts used during the attack, restore and review the timeline of the attack, and collect the artifacts that show how the incident happened. One of the recommended tools for this is log2timeline with Plaso.

This week a new release was announced for plaso, the Python-based backend engine for the tool log2timeline. It extracts timestamps from the various files found on a typical computer system and aggregates them. The initial purpose of plaso was to have all of the timestamps in a single place for computer forensic analysis (the so-called Super Timeline).
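The core of that aggregation is normalising every source's clock to one timeline. The following is an added example, not plaso's own code: it converts Chrome's WebKit-epoch visit times and year-less syslog stamps to UTC and merges them. The Chrome schema is reduced to the two columns needed, and both the database rows and the log lines are constructed sample data.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Chrome (WebKit) stores times as microseconds since 1601-01-01 UTC, the same epoch
# as Windows FILETIME; classic syslog lines carry neither a year nor a zone.
# Normalising both to aware UTC datetimes is what lets one timeline interleave them.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def webkit_to_utc(microseconds):
    """Convert a Chrome/WebKit timestamp (int) to a timezone-aware UTC datetime."""
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)

def parse_chrome_history(con):
    """Yield (utc_time, source, message) from an open Chrome History SQLite connection."""
    query = "SELECT v.visit_time, u.url FROM visits v JOIN urls u ON v.url = u.id"
    for visit_time, url in con.execute(query):
        yield (webkit_to_utc(visit_time), "chrome:history", "visited " + url)

def parse_syslog(lines, year):
    """Yield events from classic syslog lines; the year is supplied, the zone assumed UTC."""
    for line in lines:
        stamp = datetime.strptime(line[:15], "%b %d %H:%M:%S")  # e.g. "Jan 15 10:29:55"
        when = stamp.replace(year=year, tzinfo=timezone.utc)
        yield (when, "syslog", line[16:])

def build_timeline(*event_iterables):
    """Merge events from every parser into one list ordered by time (the super timeline)."""
    return sorted(ev for it in event_iterables for ev in it)

def constructed_chrome_history():
    """Constructed in-memory stand-in for a Chrome History file (minimal schema only)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT)")
    con.execute("CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER)")
    con.execute("INSERT INTO urls VALUES (1, 'https://example.com/login')")
    # 13192021800000000 us after 1601-01-01 is 2019-01-15 10:30:00 UTC
    con.execute("INSERT INTO visits VALUES (1, 1, 13192021800000000)")
    con.commit()
    return con

# Constructed syslog lines, not taken from any real system.
SYSLOG_LINES = [
    "Jan 15 10:29:55 ws01 sshd[1422]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
    "Jan 15 10:31:10 ws01 systemd[1]: Started Session 3 of user alice.",
]

def sample_timeline():
    """Run both parsers over the constructed data and return the merged timeline."""
    return build_timeline(parse_chrome_history(constructed_chrome_history()),
                          parse_syslog(SYSLOG_LINES, 2019))

if __name__ == "__main__":
    for when, source, message in sample_timeline():
        print(when.isoformat(), source, message)
```

The Chrome visit lands between the two syslog events only because both sources were brought to the same epoch and zone first; feeding raw values into the sort would silently misorder them.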

Some of the new features added with this release are:

• A parser for the Windows 10 User Timeline database
• Changes to the Chrome history parser to handle new versions of Chrome more effectively
• Plugins for Google Hangouts and Kodi
• Support for lz4-compressed systemd journal events

plaso super timeline

This tool and others like it are extremely useful for conducting timeline analysis, and their strength is in supporting the very large range of data types that our systems use to record events and evidence.

You can read more and download the latest release at this link: