Developing timeline of forensic artifacts is a great practice. There are several tools like log2timeline, Plaso, commercial tools etc will develop a timeline for you. Today, we are going to discuss about another tool called Timesketch.
Here is the GitHub repo: https://github.com/google/timesketch
The easiest way to get up and running is by using Docker Image. Fortunately, there is already an image of TimeSketch in docker: https://hub.docker.com/r/ilyaglow/timesketch
Another way it to compose docker image on the host itself:
Here is the GitHub repo: https://github.com/google/timesketch
The easiest way to get up and running is by using Docker Image. Fortunately, there is already an image of TimeSketch in docker: https://hub.docker.com/r/ilyaglow/timesketch
Another way it to compose docker image on the host itself:
Timesketch will be up and running on http://127.0.0.1:5000
It'll give you a nice option to upload a CSV file or a Plaso Dump file.
RSS Feed