Author URLs
Professor Breitinger's Faculty Profile
Professor Breitinger's web page
Document Type
Article
Publication Date
3-2019
Subject: LCSH
Computer crimes--Investigation, Cyber forensics
Disciplines
Computer Engineering | Computer Sciences | Electrical and Computer Engineering
Abstract
Crimes involving digital evidence are getting more complex due to the increasing storage capacities and utilization of devices. Event reconstruction (i.e., understanding the timeline) is an essential step for investigators to understand a case, where a prominent tool is Log2Timeline (a tool that creates super timelines, which are a combination of several log files and events throughout a system). While these timelines provide great evidence and help to understand a case, they are complex and require tools as well as training scenarios. In this paper we present Timeline2GUI, an easy-to-use Python implementation to analyze CSV log files created by Log2Timeline. Additionally, we present three training scenarios – beginner, intermediate and advanced – to practice timeline analysis skills as well as familiarity with visualization tools. Lastly, we provide a comprehensive overview of tools.
DOI
10.1016/j.diin.2018.12.004
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Repository Citation
Debinski, Mark; Mohan, Parvathy; and Breitinger, Frank, "Timeline2GUI: A Log2Timeline CSV Parser and Training Scenarios" (2019). Electrical & Computer Engineering and Computer Science Faculty Publications. 84.
https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/84
Publisher Citation
Debinski, Mark, Frank Breitinger, and Parvathy Mohan. "Timeline2GUI: A Log2Timeline CSV parser and training scenarios." Digital Investigation (2018). Volume 28, March 2019, Pages 34-43.
Included in
Computer Engineering Commons, Computer Sciences Commons, Electrical and Computer Engineering Commons
Comments
This is the authors' accepted version of the article published in Digital Investigation. The version of record can be found at http://dx.doi.org/10.1016/j.diin.2018.12.004