forked from log2timeline/plaso
-
Notifications
You must be signed in to change notification settings - Fork 1
/
README
31 lines (23 loc) · 1.13 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
plaso (Plaso Langar Að Safna Öllu) - super timeline all the things
In short, plaso is a Python-based backend engine for the tool log2timeline.
A longer version:
log2timeline is a tool designed to extract timestamps from various files found
on a typical computer system(s) and aggregate them.
The initial purpose of plaso was to collect all timestamped events of interest
on a computer system and have them aggregated in a single place for computer
forensic analysis (aka Super Timeline).
However plaso has become a framework that supports:
* adding new parsers or parsing plug-ins;
* adding new analysis plug-ins;
* writing one-off scripts to automate repetitive tasks in computer forensic
analysis or equivalent.
And is moving to support:
* adding new general purpose parses/plugins that may not have timestamps
associated to them;
* adding more analysis context;
* tagging events;
* allowing more targeted approach to the collection/parsing.
Also see:
* log2timeline: http://plaso.kiddaland.net/usage/log2timeline/
* Project documentation: http://plaso.kiddaland.net/
* Downloads: https://googledrive.com/host/0B30H7z4S52FleW5vUHBnblJfcjg/