PHASE: Plaso/Log2Timeline50% COMPLETION
MODULE 14
Timeline Analysis
Creating a super-timeline (Plaso) to reconstruct the entire incident.
Plaso/Log2Timeline
Plaso creates a unified timeline from multiple artifact sources.
log2timeline.py timeline.plaso evidence.dd
psort.py -o l2tcsv -w timeline.csv timeline.plaso
psort.py -o l2tcsv -w timeline.csv timeline.plaso