Super timeline all the things
Type Name Latest commit message Commit time
.github Added release github issue template (#2494) Jun 28, 2019
config Updated version for release (#2750) Sep 16, 2019
data Improved and refactored setupapi parser #2717 (#2718) Sep 2, 2019
docs Updated documentation for removal of Fedora 28 support on COPR (#2728) Sep 3, 2019
plaso Updated version for release (#2750) Sep 16, 2019
test_data Added parser for vsftpd logs (#2703) Aug 11, 2019
tests Improved and refactored setupapi parser #2717 (#2718) Sep 2, 2019
tools Added validation for parser and plugin names #2691 (#2694) Jul 8, 2019
utils Changes to dependency check for lzma #2503 (#2523) Jun 28, 2019
.gitignore Added Visual Studio Code files to gitignore (#2650) Jun 28, 2019
.pylintrc Changes to run CI tests with pylint 2.x and removed Trusty CI tests (#… Jun 28, 2019
.travis.yml Updated Travis CI tests to use Fedora 30 docker image (#2716) Jul 15, 2019
ACKNOWLEDGEMENTS Code review: 312670043: Moved preg to stand-alone project #1214 May 12, 2017
AUTHORS Updated version and AUTHORS (#2266) Dec 20, 2018
CONTRIBUTING.md Updated URLs to point to new documentation #2245, #2220 (#2247) Dec 10, 2018
LICENSE Code review: 153320043: Changes for project move. Dec 31, 2015
MANIFEST.in Changes for sdist and sdist_test_data build target (#2446) Jun 28, 2019
MANIFEST.test_data.in Changes for sdist and sdist_test_data build target (#2446) Jun 28, 2019
README Updated URLs to point to new documentation #2245, #2220 (#2247) Dec 10, 2018
README.md Updated URLs to point to new documentation #2245, #2220 (#2247) Dec 10, 2018
appveyor.yml Replaced xml.etree by defusedxml #2652 (#2653) Jun 28, 2019
dependencies.ini Changed PE parser to use dfVFS data slice #2714 (#2715) Jul 15, 2019
plaso.ini Applied updates and added Fedora Core CI tests (#2334) Jun 28, 2019
requirements.txt Changed PE parser to use dfVFS data slice #2714 (#2715) Jul 15, 2019
run_tests.py Changed Shebangs to Python3 (#2451) Jun 28, 2019
setup.cfg Changed PE parser to use dfVFS data slice #2714 (#2715) Jul 15, 2019
setup.py Changed PE parser to use dfVFS data slice #2714 (#2715) Jul 15, 2019
test_dependencies.ini Changes for deployment, added test_dependencies.ini and applied updat… Nov 27, 2018
test_requirements.txt Migrated tox tests to Bionic on Docker (#2363) Jun 28, 2019
tox.ini Migrated tox tests to Bionic on Docker (#2363) Jun 28, 2019

README.md

plaso (Plaso Langar Að Safna Öllu)

super timeline all the things

In short, plaso is a Python-based backend engine for the tool log2timeline.

A longer version

log2timeline is a tool designed to extract timestamps from various files found on typical computer systems and aggregate them.

The initial purpose of plaso was to collect all timestamped events of interest on a computer system and have them aggregated in a single place for computer forensic analysis (aka Super Timeline).

However, plaso has become a framework that supports:

  • adding new parsers or parsing plug-ins;
  • adding new analysis plug-ins;
  • writing one-off scripts to automate repetitive tasks in computer forensic analysis or equivalent.

And is moving to support:

  • adding new general-purpose parsers/plugins that may not have timestamps associated with them;
  • adding more analysis context;
  • tagging events;
  • allowing a more targeted approach to the collection/parsing.


Also see
