log2timeline Since 2009 - SANS

More documents

Recommendations

Info

SANS 2011 Digital Forensics and Incident Response Summit How to Create a Front-‐end? #!/usr/bin/perl use Log2Timeline;; # import the library that contains the log2timeline engine my $l = Log2Timeline->new( => '/mnt/analyze', # point to the file/directory to parse ' => 1, # we want to recursively go through stuf #'hostname' => '', # to include a hostname (done in preprocessing) 'input' => 'winxp', # which input modules to use (this is a Win XP machine) 'output' => 'csv', # what is the output module to be used #'offset' => 0, # the time offset (if the time is wrong) 2996 #'exclusions' => '', # an exclusion list of one exists #'text' => '', # text to prepend to path of files (like c:) #'append' => 0, # we are appending to an output file, instead of writing a new one 'time_zone' => 'CST6CDT', # the time zone of the image 'preprocess' => 1, # turn on pre-processing modules ) or die( 'unable to start log2timeline');; $l->start;; sub print_line($) { my $line = shift;; print $line;; }
SANS 2011 Digital Forensics and Incident Response Summit Pre-‐Processing Gather information prior to running Not associated with timestamps Share information with input modules Two simple modules added Time zone settings and hostname Default browser, both system and user
Page 1 and 2: log2timeline - helping you to creat
Page 3 and 4: SANS 2011 Digital Forensics and Inc
Page 13: SANS 2011 Digital Forensics and Inc
Page 29 and 30: and then what?
Page 37 and 38: Scatter Plots [2139] /WINDOWS/syste

log2timeline Since 2009 - SANS

Create successful ePaper yourself

Delete template?

Save as template?