Home
Joachim Metz edited this page Feb 14, 2015 · 36 revisions
plaso (Plaso Langar Að Safna Öllu) is a Python-based backend engine for the tool log2timeline.
log2timeline is a tool designed to extract timestamps from various files found on typical computer systems and aggregate them.
The initial purpose of plaso was to have the timestamps in a single place for computer forensic analysis (aka Super Timeline).
However, plaso has become a framework that supports:
- adding new parsers or parsing plug-ins;
- adding new analysis plug-ins;
- writing one-off scripts to automate repetitive tasks in computer forensic analysis or equivalent.
It is moving to support:
- adding new general-purpose parsers/plugins that may not have timestamps associated with them;
- adding more analysis context;
- allowing a more targeted approach to collection and parsing.
Also see:
- Project documentation
- Downloads
- Blog: All things time related....
- Mailing lists:
  - For general discussions: log2timeline-discuss
  - For development: log2timeline-dev
- log2timeline