I need some kind of timeline tool. (Windows)

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
  

ryanham
Newbie
 

I need some kind of timeline tool. (Windows)

Post Posted: Apr 08, 18 15:09

Hello all,

I am new, and this is my first post.

I'm just wondering what software analyzes Windows artifacts correctly and presents many things by timeline.

I know there are many products, as we can see from the vendors' products (ads) on the right. But I need parsed data of Windows artifacts by timeline.

I've used EnCase, FTK and AXIOM before; for me, they are not useful for analyzing user activity by timeline (such as cloud, SNS, e-mail, shellbags, NTFS [logfile, usnjrnl], jump lists and prefetch (Win10) on Windows).

Could you tell me what software would suit me?

Thank you all.  
 
  

passcodeunlock
Senior Member
 

Re: I need some kind of timeline tool. (Windows)

Post Posted: Apr 08, 18 20:05

Checking our timeline-analysis-based cases from the past, I can tell that we got the best results with Belkasoft Evidence Center for this purpose. It's not advertising, it's a fact.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

ryanham
Newbie
 

Re: I need some kind of timeline tool. (Windows)

Post Posted: Apr 09, 18 07:33

Thank you for the comments, both of you!

Some foreign software is not useful for handling Korean and Korean OSes.

Is there anything else more suitable for Korean circumstances?

If a Korean product is even better, which one is good?

I'm seriously considering buying such a thing; please shed some light!


Thank you all and God bless you,  
 
  

plashcary
Newbie
 

Re: I need some kind of timeline tool. (Windows)

Post Posted: Apr 10, 18 03:57

You can find what you described on this site, available to download:

www.keychain.co.kr/keysapce

It is automatic analysis software for Windows artifacts such as system, internet, document metadata, cloud, filesystem metadata, account information, event log and document indexing.

Everything is sorted by timeline.
 
  

keydet89
Senior Member
 

Re: I need some kind of timeline tool. (Windows)

Post Posted: Apr 10, 18 15:55

I've been assisting with an IR recently, using the tools and techniques described in ch 7 of WFA 4/e, to great effect.  
 
  

ryanham
Newbie
 

Re: I need some kind of timeline tool. (Windows)

Post Posted: Apr 11, 18 07:08

Great! That is what I want!!!

In my opinion, keyspace is more convenient than the others, but it needs to be more stable.

Anyway, thanks to everybody.


Best regards,
 
  

steve862
Senior Member
 

Re: I need some kind of timeline tool. (Windows)

Post Posted: Apr 11, 18 16:03

Hi,

If it hasn't already been mentioned, it is worth remembering that times and dates on digital devices can be unreliable.

Steve
_________________
Forensic Computer Examiner, London, UK 
 

Page 1 of 2