A log file parser that produces a body file used to create timelines for forensic investigations.

log2timeline takes a log file (or a directory of files) and parses it to produce a body file that can be imported into other tools for timeline analysis. The tool uses a modular approach for both input and output: a set of input modules (called format files), each of which parses one artifact type, whether a single log file or a directory of files that belong together, and a set of output modules that write the resulting timeline in one of several body formats.

log2timeline is built as a series of scripts. This one is the front-end; it loads the format files that do the actual parsing. The design makes it easy for anyone to add a new input format or a new output module.

The default output is a CSV body file, which can be imported into spreadsheet applications or post-processed with the companion tool l2t_process. The output module is selected with the -o parameter. An output module may emit a body format that must be imported into another tool to become human-readable, or it may print the timeline directly in a human-readable form.

The purpose of the tool is to provide a single tool for parsing the various artifacts produced by the suspect operating system, as well as logs from other systems that may pertain to the investigation.
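As an added example (not code from the log2timeline project or from this page), the reader below consumes the l2t_csv body format that the default output module writes and does the two things l2t_process is used for: putting rows from several input modules into chronological order and narrowing them to a date range or keyword. The 17-column layout is assumed from the tool's own format documentation (the page does not list it), the sample rows are constructed and are not real evidence, and the function and variable names are mine.

```python
import csv
import io
from datetime import datetime

# Column layout of the l2t_csv body format written by log2timeline's default
# output module. Assumed from the tool's format documentation; this package
# page does not list the columns.
L2T_CSV_FIELDS = [
    "date", "time", "timezone", "MACB", "source", "sourcetype", "type",
    "user", "host", "short", "desc", "version", "filename", "inode",
    "notes", "format", "extra",
]

# Constructed sample body file (not real evidence): three events from three
# different input modules, deliberately written out of chronological order,
# as they are when several artifacts are parsed one after another.
SAMPLE_BODY = """\
date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,version,filename,inode,notes,format,extra
10/04/2012,09:12:33,UTC,.A..,FILE,NTFS $MFT,Last Access,-,WS01,invoice.exe accessed,C:/Users/bob/Downloads/invoice.exe,2,C:/Users/bob/Downloads/invoice.exe,1734,-,mft,-
10/02/2012,14:03:10,UTC,M...,LOG,Syslog,Entry Written,-,srv01,sshd accepted password for bob,sshd[2213]: Accepted password for bob from 10.0.0.7 port 51234 ssh2,2,/var/log/auth.log,0,-,syslog,-
10/03/2012,22:45:01,UTC,MACB,EVT,Security,Logon,bob,WS01,Successful logon,An account was successfully logged on (logon type 10) from 10.0.0.7,2,Security.evtx,0,-,evtx,-
"""


def macb_flags(macb):
    """Expand a MACB column such as 'M.C.' into the timestamp kinds it marks."""
    names = ("modified", "accessed", "changed", "born")
    if len(macb) != 4:
        raise ValueError("MACB field must be four characters: %r" % macb)
    return [name for ch, name in zip(macb, names) if ch != "."]


def parse_l2t_csv(text):
    """Parse l2t_csv text into dicts, adding a 'timestamp' datetime per row."""
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != L2T_CSV_FIELDS:
        raise ValueError("not an l2t_csv body file: header is %r" % reader.fieldnames)
    events = []
    for row in reader:
        # l2t_csv writes the date as MM/DD/YYYY and the time as HH:MM:SS.
        row["timestamp"] = datetime.strptime(
            row["date"] + " " + row["time"], "%m/%d/%Y %H:%M:%S")
        row["macb_flags"] = macb_flags(row["MACB"])
        events.append(row)
    # The timezone column is a label, not an offset, so rows are only
    # comparable when they all carry the same label (log2timeline writes every
    # row in the zone it was run with). Refuse to sort a mixed-zone file
    # silently rather than produce a timeline with hidden skew.
    zones = {e["timezone"] for e in events}
    if len(zones) > 1:
        raise ValueError("mixed timezone labels in body file: %s" % sorted(zones))
    return events


def build_timeline(events, start=None, end=None, keyword=None):
    """Filter to an inclusive MM/DD/YYYY date range and/or keyword, then sort."""
    start_d = datetime.strptime(start, "%m/%d/%Y").date() if start else None
    end_d = datetime.strptime(end, "%m/%d/%Y").date() if end else None
    selected = []
    for e in events:
        day = e["timestamp"].date()
        if start_d and day < start_d:
            continue
        if end_d and day > end_d:
            continue
        if keyword:
            haystack = " ".join((e["desc"], e["filename"], e["short"])).lower()
            if keyword.lower() not in haystack:
                continue
        selected.append(e)
    return sorted(selected, key=lambda e: e["timestamp"])


def render(events):
    """Render sorted events as one human-readable line each."""
    return [
        "%s %s %-4s %-4s %s %s" % (
            e["timestamp"].strftime("%Y-%m-%d %H:%M:%S"), e["timezone"],
            e["MACB"], e["source"], e["host"], e["desc"])
        for e in events
    ]


if __name__ == "__main__":
    for line in render(build_timeline(parse_l2t_csv(SAMPLE_BODY))):
        print(line)
```

Run stand-alone it prints the three constructed events in time order; the sshd login on srv01 precedes the Windows logon and the download on WS01, which is the ordering across sources that a single body file is meant to expose. The mixed-zone check is the caveat worth keeping when merging body files produced by separate runs.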
Links to security:forensics / log2timeline
Source Files
Filename | Size | Changed
---|---|---
_link | 126 Bytes | 2014-09-14 (over 3 years ago)
log2timeline.changes | 22.6 KB | 2012-10-04 (over 5 years ago)
log2timeline.spec | 4.72 KB | 2012-10-04 (over 5 years ago)
log2timeline_0.65.tgz | 566 KB | 2012-10-02 (over 5 years ago)