forked from log2timeline/plaso
-
Notifications
You must be signed in to change notification settings - Fork 2
/
README
40 lines (29 loc) · 1.63 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
Plaso (Plaso Langar Að Safna Öllu) - super timeline all the things
Plaso (Plaso Langar Að Safna Öllu), super timeline all the things, is a
Python-based engine used by several tools for automatic creation of timelines.
Plaso default behavior is to create super timelines but it also supports
creating more targeted timelines.
These timelines support digital forensic investigators/analysts, to correlate
the large amount of information found in logs and other files found on an
average computer.
A longer version:
The initial purpose of Plaso was to collect all timestamped events of interest
on a computer system and have them aggregated in a single place for computer
forensic analysis (aka Super Timeline).
However Plaso has become a framework that supports:
* adding new parsers or parsing plug-ins;
* adding new analysis plug-ins;
* writing one-off scripts to automate repetitive tasks in computer forensic analysis or equivalent.
And is moving to support:
* adding new general purpose parses/plugins that may not have timestamps associated to them;
* adding more analysis context;
* tagging events;
* allowing more targeted approach to the collection/parsing.
Also see:
* Homepage: https://github.com/log2timeline/plaso
* Downloads: https://github.com/log2timeline/plaso/releases
* Documentation: https://plaso.readthedocs.io
* Contact information:
* Plaso channel on Open Source DFIR Slack community: https://github.com/open-source-dfir/slack
* Mailing list for general discussions: https://groups.google.com/forum/#%21forum/log2timeline-discuss
* Mailing list for development: https://groups.google.com/forum/#%21forum/log2timeline-dev