Super timeline all the things

plaso (Plaso Langar Að Safna Öllu)

super timeline all the things

In short, plaso is a Python-based backend engine for the tool log2timeline.

A longer version

log2timeline is a tool designed to extract timestamps from various files found on typical computer systems and aggregate them.

The initial purpose of plaso was to collect all timestamped events of interest on a computer system and have them aggregated in a single place for computer forensic analysis (aka Super Timeline).

However, plaso has become a framework that supports:

  • adding new parsers or parsing plug-ins;
  • adding new analysis plug-ins;
  • writing one-off scripts to automate repetitive tasks in computer forensic analysis or equivalent.

It is also moving to support:

  • adding new general-purpose parsers/plugins that may not have timestamps associated with them;
  • adding more analysis context;
  • tagging events;
  • allowing a more targeted approach to collection/parsing.

Also see