Skip to content
/ timeliner Public

PoC to have an automatic timeliner from hdd files

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DvAu26/timeliner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
README.md
README.md
 
 
file_test.py
file_test.py
 
 
plaseur.py
plaseur.py
 
 
prelevement.py
prelevement.py
 
 
rechercheur.py
rechercheur.py
 
 
timeliner.py
timeliner.py
 
 
timemem.py
timemem.py
 
 

Repository files navigation

Timeliner

PoC to have an automatic timeliner from hdd files and windows memory dump

Support just DOS/MBR magic type and the volatility memory dump capabilities.

Install

Tested with Ubuntu 18.04 LTS updated and upgraded with 4Go and 2 procs

You have to install volatility from the official github and try it !

That will be updating to take all supported files by log2timeline

You just have to create 3 directories and update this constants (file_test.py):

IN OUT END MEM NOK

IN -> Put your own dd file or memory dump OUT -> you will have your plaso files and csv files (hdd and memory) END -> Moving the file at the end of the thread. MEM -> Moving the file at the end of the memory thread. NOK -> Moving the unsupported files

Using

python3 file_test.py

Next step

  • Voltility extractor with 2 directories (dump and csv)
  • Better dispatcher (rechercheur.py) class
  • elif (timemem.py)
  • and others ;)

About

PoC to have an automatic timeliner from hdd files

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages