Skip to content

unforensicate/plaso

 
 

Repository files navigation

plaso (Plaso Langar Að Safna Öllu)

super timeline all the things

In short, plaso is a Python-based backend engine for the tool log2timeline.

A longer version

log2timeline is a tool designed to extract timestamps from various files found on a typical computer system(s) and aggregate them.

The initial purpose of plaso was to collect all timestamped events of interest on a computer system and have them aggregated in a single place for computer forensic analysis (aka Super Timeline).

However plaso has become a framework that supports:

  • adding new parsers or parsing plug-ins;
  • adding new analysis plug-ins;
  • writing one-off scripts to automate repetitive tasks in computer forensic analysis or equivalent.

And is moving to support:

  • adding new general purpose parses/plugins that may not have timestamps associated to them;
  • adding more analysis context;
  • tagging events;
  • allowing more targeted approach to the collection/parsing.

Project status

Travis-CI AppVeyor Codecov
Build Status Build status codecov

Also see

About

Super timeline all the things

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 98.9%
  • Shell 0.8%
  • PowerShell 0.3%
  • Dockerfile 0.0%
  • Ruby 0.0%
  • Makefile 0.0%