plaso (Plaso Langar Að Safna Öllu) is a Python-based backend engine for the tool log2timeline.
log2timeline is a tool designed to extract timestamps from various files found on a typical computer system and aggregate them.
The initial purpose of plaso was to have the timestamps in a single place for computer forensic analysis (aka Super Timeline).
However, plaso has become a framework that supports:
And is moving to support:
The information below is based on version 1.2.0.
Storage Media Image File Format support is provided by dfvfs.
Volume System Format support is provided by dfvfs.
File System Format support is provided by dfvfs.