Praetorian503

Nullcon Delhi 2012: Forensics Timeline Analysis - By Ashish Kunte




Description: Forensic Timeline Analysis puts actions and events together sequentially and chronologically. Constructing and presenting timelines has become a critical investigative method for solving complex cases. Timeline Analysis is, to a great extent, a complicated technique to understand, and the digital environment poses its own unique challenges: timestamps are found in various time formats and are presented or stored with various interpretations. Timeline-building techniques are evolving and have changed the way an analyst can approach cases. In this discussion we will take a deep dive from timeline basics through the role of timeline analysis in solving cases such as USB device activity, intrusion/malware analysis and intellectual property theft artifacts. During the session we will discuss methodologies for how to start building a timeline, and the Granular Approach vs. the Kitchen Sink approach.
Timeline Analysis includes methods that use easily accessible tools and frameworks. Using this technique we gain much more information than can be obtained with traditional techniques such as only the MAC (Modified, Accessed, Changed) times from a file system. To achieve this goal we will take a deep dive into timestamps associated with:
· Web Server such as Apache/IIS
· Browser Activity such as IE History/Chrome/Firefox
· Windows Event Timestamps, Generic Linux Logs
· Windows Registry, Prefetch, Recycle Bin, Restore Points
· Windows Shortcuts (.lnk)
· USB Device Activity
· PDF, Office Files Metadata Timestamps
· Flash Cookies or Adobe Local Shared Objects
· Live Memory Timestamps
· Antivirus, ISA log, Firewall timestamps
· Squid Proxy
· Network Packet Dumps

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

Source: Nullcon Delhi 2012: Forensics Timeline Analysis - By Ashish Kunte
