Tag: timelines


The Importance of Dual Tool Verification

Those of us working in the Digital Forensics and Incident Response realm rely on tools to harvest data for analysis, not to mention to perform the actual analysis. Let’s be honest: Without tools, we would have a dickens of a time doing our jobs. Unfortunately, this has led to examiners having an inherent high level[…]


Time for an Autopsy!

Autopsy Introduction Greetings! Destruct_Icon here with a look into a forensics tool named Autopsy. Autopsy is a GUI into a suite of tools known as The Sleuth Kit and can be found here. In this article, we want to introduce you to the interface itself as well as describe some of the capabilities. First off, we have a[…]


MACtime Forensics

:MACtime Forensics: Timestamps are a critical part of forensics. It takes a skilled forensicator to examine all pertinent data available to them in order to find key evidence and provide an accurate timeline of events. The timestamps we will be discussing are the MACB timestamps. M – Modified Time A – Accessed Time C –[…]


PLASO – Google and Timelines

by Destruct_Icon
Categories: Analysis, Host Forensics

PLASO – When Google Met Timelines Many moons ago (ok, not that many moons ago) log2timeline was the go-to source for easily building a timeline from a forensics image. Log2timeline is an amazing application that builds out a timeline perspective of an image using any timestamps it can identify. This is done through a[…]
