plaso
Super timeline all the things
Some open source research: https://inc0x0.com/2018/10/windows-10-notification-database/
Continuation of https://github.com/log2timeline/plaso/issues/4169 - [x] Add support for resource files stored as: - relative path "system32\..." - as "$(runtime.system32)" or "$(runtime.windows)" - https://github.com/log2timeline/plaso/pull/4773 - [x] Add support for WEVT_TEMPLATE .mun...
Currently, Cisco ASA log files cannot be processed. See the example file attached. [cisco_ASA_example.log](https://github.com/log2timeline/plaso/files/11452716/cisco_ASA_example.log)
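To show what a parser for the request above has to deal with, here is an added example (not plaso code, and not the reporter's attached sample) that parses Cisco ASA syslog lines of the form `Mon DD YYYY HH:MM:SS host : %ASA-<severity>-<message id>: <text>`. The three sample lines are constructed for the example; the regexes, the `parse_asa_line`/`parse_asa_log` names and the assumption that the hostname field is optional are mine.

```python
import re
from datetime import datetime

# Header layout assumed for this example: ASA "logging timestamp" output with an optional
# hostname before the " : %ASA-" marker. A real sample may use a different syslog header.
ASA_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{4} \d{2}:\d{2}:\d{2})"
    r"(?: (?P<host>\S+) :)? %ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<msg>.*)$"
)

# Standard syslog severity names used by ASA.
SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# "interface:ip/port" tokens carried by connection and ACL messages.
ENDPOINT = re.compile(r"(?P<iface>[\w-]+):(?P<ip>\d{1,3}(?:\.\d{1,3}){3})/(?P<port>\d+)")

# Constructed sample input for the example (not the reporter's file).
SAMPLE_LOG = """\
Jun 10 2023 14:05:12 fw01 : %ASA-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:10.0.0.7/51234 (10.0.0.7/51234)
Jun 10 2023 14:05:13 fw01 : %ASA-4-106023: Deny tcp src outside:198.51.100.9/4444 dst inside:10.0.0.7/22 by access-group "outside_in" [0x0, 0x0]
this line is not an ASA record and must be reported, not silently dropped
"""


def parse_asa_line(line):
    """Return an event dict for one ASA syslog line, or None if it does not match."""
    match = ASA_LINE.match(line.strip())
    if not match:
        return None
    # Collapse the double space ASA emits before single-digit days before strptime.
    timestamp = datetime.strptime(" ".join(match.group("ts").split()), "%b %d %Y %H:%M:%S")
    severity = int(match.group("sev"))
    message = match.group("msg")
    return {
        "timestamp": timestamp,
        "host": match.group("host"),
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "message_id": match.group("msgid"),
        "message": message,
        # Structured endpoints make the event searchable by IP/port in a timeline.
        "endpoints": [
            {"interface": m.group("iface"), "ip": m.group("ip"), "port": int(m.group("port"))}
            for m in ENDPOINT.finditer(message)
        ],
    }


def parse_asa_log(text):
    """Parse a whole log; returns (events, skipped_lines) so unparsed input is visible."""
    events, skipped = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        event = parse_asa_line(line)
        if event is None:
            skipped.append((number, line))
        else:
            events.append(event)
    return events, skipped


if __name__ == "__main__":
    parsed, unparsed = parse_asa_log(SAMPLE_LOG)
    for event in parsed:
        print(event["timestamp"], event["severity_name"], event["message_id"], event["endpoints"])
    for number, line in unparsed:
        print("skipped line", number, ":", line)
```

Returning the skipped lines alongside the events is deliberate: a timeline parser that silently discards unmatched lines hides exactly the records an analyst most needs to know about.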
## One line description of pull request Chrome:cache:entry events only consist of url + time. I wanted to add some richness to that ## Description: I wanted to include some...
## One line description of pull request Added text parser plugin for AnyDesk Activity Log (ad.trace) ## Description: Parses and generates event data for each line in the ad.trace log...
## One line description of pull request Add new tag in data/tag_windows.txt to "application_execution". ## Description: Add new tag in data/tag_windows.txt to "application_execution": - Event "Microsoft-Windows-Program-Compatibility-Assistant" id 17 : ```...
## One line description of pull request Adds support for the CRI text log format seen in GKE. ## Description: **Related issue (if applicable):** fixes #4616 ## Notes: All contributions...
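As an added example of the format that PR targets (my code, not the pull request's plugin): the CRI container log format writes one line per chunk as `<RFC 3339 timestamp> <stdout|stderr> <F|P> <content>`, where `P` marks a partial chunk of a long line that continues until a chunk tagged `F`. The parser below keeps full nanosecond precision (which `datetime` cannot hold) in a separate field, reassembles partial lines per stream and reports lines it cannot parse. The sample lines are constructed, and the function names are mine.

```python
import re
from datetime import datetime, timedelta, timezone

# One CRI log line: timestamp, stream name, partial/full tag, then the raw content.
CRI_LINE = re.compile(r"^(?P<ts>\S+) (?P<stream>stdout|stderr) (?P<tag>[FP]) (?P<content>.*)$")

# RFC 3339 with up to nine fractional digits and either "Z" or a numeric offset.
TIMESTAMP = re.compile(
    r"^(?P<base>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(?P<frac>\d{1,9}))?(?P<tz>Z|[+-]\d{2}:\d{2})$"
)

# Constructed sample input for the example.
SAMPLE_LOG = """\
2023-05-10T12:34:56.123456789Z stdout F {"level":"info","msg":"server started"}
2023-05-10T12:34:57.000000001Z stderr P first half of a lo
2023-05-10T12:34:57.000000002Z stderr F ng line
2023-05-10T12:34:58+02:00 stdout F plain line with no fractional seconds
garbage that is not a CRI record
"""


def parse_cri_timestamp(text):
    """Return (aware datetime truncated to microseconds, nanoseconds within the second)."""
    match = TIMESTAMP.match(text)
    if not match:
        raise ValueError("not an RFC 3339 timestamp: %r" % text)
    base = datetime.strptime(match.group("base"), "%Y-%m-%dT%H:%M:%S")
    nanoseconds = int((match.group("frac") or "").ljust(9, "0"))
    tz = match.group("tz")
    if tz == "Z":
        tzinfo = timezone.utc
    else:
        sign = 1 if tz[0] == "+" else -1
        hours, minutes = int(tz[1:3]), int(tz[4:6])
        tzinfo = timezone(sign * timedelta(hours=hours, minutes=minutes))
    return base.replace(microsecond=nanoseconds // 1000, tzinfo=tzinfo), nanoseconds


def parse_cri_log(text):
    """Parse CRI log text into events, joining P chunks with their closing F chunk."""
    events, skipped = [], []
    pending = {}  # stream -> first chunk's timing plus accumulated content pieces
    for number, line in enumerate(text.splitlines(), start=1):
        match = CRI_LINE.match(line)
        if not match:
            skipped.append((number, line))
            continue
        try:
            timestamp, nanoseconds = parse_cri_timestamp(match.group("ts"))
        except ValueError:
            skipped.append((number, line))
            continue
        stream, tag, content = match.group("stream"), match.group("tag"), match.group("content")
        chunk = pending.pop(stream, None)
        if chunk is None:
            # Time the reassembled line by its first chunk, when the write began.
            chunk = {"timestamp": timestamp, "nanoseconds": nanoseconds, "parts": [], "chunks": 0}
        chunk["parts"].append(content)
        chunk["chunks"] += 1
        if tag == "P":
            pending[stream] = chunk  # still waiting for the closing F chunk
            continue
        events.append({
            "timestamp": chunk["timestamp"],
            "nanoseconds": chunk["nanoseconds"],
            "stream": stream,
            "content": "".join(chunk["parts"]),
            "chunks": chunk["chunks"],
        })
    # A P chunk with no F at end of file is still evidence; emit it flagged as incomplete.
    for stream, chunk in pending.items():
        events.append({
            "timestamp": chunk["timestamp"], "nanoseconds": chunk["nanoseconds"],
            "stream": stream, "content": "".join(chunk["parts"]),
            "chunks": chunk["chunks"], "incomplete": True,
        })
    return events, skipped


if __name__ == "__main__":
    for event in parse_cri_log(SAMPLE_LOG)[0]:
        print(event["timestamp"].isoformat(), event["stream"], repr(event["content"]))
```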
**Description of problem:** Log2timeline is missing file size for the Firefox Downloads. **Source** The places.sqlite file contains this data in the moz_annos table. **Plaso version:** 20190429 **Operating system Plaso is...
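To show where that size lives, here is an added example (my code, not plaso's Firefox parser and not an official Firefox API) that builds a minimal in-memory places.sqlite with only the columns the query needs and pulls the download size out of the `downloads/metaData` annotation, which Firefox stores in `moz_annos.content` as JSON alongside the `downloads/destinationFileURI` annotation. The reduced schema, the table contents and the state-name mapping (taken from the legacy nsIDownloadManager constants) are assumptions for the example.

```python
import json
import sqlite3
from datetime import datetime, timezone

# Reduced places.sqlite schema for the example: the real tables carry many more columns.
SCHEMA = """
CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
CREATE TABLE moz_anno_attributes (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE moz_annos (id INTEGER PRIMARY KEY, place_id INTEGER, anno_attribute_id INTEGER,
                        content TEXT, dateAdded INTEGER, lastModified INTEGER);
"""

# Download state values as used in the metaData JSON (assumed mapping).
DOWNLOAD_STATES = {1: "finished", 2: "failed", 3: "canceled"}

# Join the destination annotation with its sibling metaData annotation for the same place.
QUERY = """
SELECT p.url,
       dest.content AS destination,
       dest.dateAdded AS date_added,
       (SELECT a.content FROM moz_annos a
          JOIN moz_anno_attributes n ON n.id = a.anno_attribute_id
         WHERE a.place_id = p.id AND n.name = 'downloads/metaData') AS metadata
  FROM moz_places p
  JOIN moz_annos dest ON dest.place_id = p.id
  JOIN moz_anno_attributes n ON n.id = dest.anno_attribute_id
 WHERE n.name = 'downloads/destinationFileURI'
"""


def build_sample_db():
    """Constructed sample database: one download with metadata, one plain visited page."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO moz_places VALUES (?, ?, ?)", [
        (1, "https://example.org/tool.zip", "tool.zip"),
        (2, "https://example.org/page", "A page"),
    ])
    conn.executemany("INSERT INTO moz_anno_attributes VALUES (?, ?)", [
        (1, "downloads/destinationFileURI"),
        (2, "downloads/metaData"),
    ])
    metadata = json.dumps({"state": 1, "endTime": 1557246000000, "fileSize": 123456})
    conn.executemany("INSERT INTO moz_annos VALUES (?, ?, ?, ?, ?, ?)", [
        (1, 1, 1, "file:///home/user/Downloads/tool.zip", 1557245900000000, 1557246000000000),
        (2, 1, 2, metadata, 1557246000000000, 1557246000000000),
    ])
    conn.commit()
    return conn


def extract_downloads(conn):
    """Return one dict per download, with file size and end time when metaData is present."""
    downloads = []
    for url, destination, date_added, metadata in conn.execute(QUERY):
        entry = {
            "url": url,
            "destination": destination,
            # moz_annos timestamps are microseconds since the epoch.
            "date_added": datetime.fromtimestamp(date_added / 1_000_000, tz=timezone.utc),
            "file_size": None,
            "state": None,
            "end_time": None,
        }
        if metadata:
            try:
                meta = json.loads(metadata)
            except ValueError:
                meta = {}  # a corrupt annotation must not abort the whole extraction
            entry["file_size"] = meta.get("fileSize")
            entry["state"] = DOWNLOAD_STATES.get(meta.get("state"), meta.get("state"))
            if meta.get("endTime") is not None:
                # endTime in metaData is milliseconds since the epoch.
                entry["end_time"] = datetime.fromtimestamp(meta["endTime"] / 1000, tz=timezone.utc)
        downloads.append(entry)
    return downloads


if __name__ == "__main__":
    for download in extract_downloads(build_sample_db()):
        print(download)
```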
See Nicole Ibrahim's presentation: "Windows Forensics: Event Trace Logs", presented at the SANS 2018 DFIR Summit. (Posted at https://www.sans.org/summit-archives/file/summit_archive_1528388048.pdf)