The Autotimeliner tool will automagically extract a forensic timeline from volatile memory dumps.
(Developed and tested on Debian 9.6 with Volatility 2.6-1 and sleuthkit 4.4.0-5)
AutoTimeline automates this workflow:
Simply clone the GitHub repository:
git clone https://github.com/andreafortuna/autotimeliner.git
autotimeline.py [-h] -f IMAGEFILE [-t TIMEFRAME] [-p CUSTOMPROFILE]
optional arguments:
  -h, --help            show this help message and exit
  -f IMAGEFILE, --imagefile IMAGEFILE
                        Memory dump file
  -t TIMEFRAME, --timeframe TIMEFRAME
                        Timeframe used to filter the timeline
                        (YYYY-MM-DD..YYYY-MM-DD)
  -p CUSTOMPROFILE, --customprofile CUSTOMPROFILE
                        Jump image identification and use a custom memory
                        profile
Extract timeline from TargetServerMemory.raw, limited to a timeframe from 2018-10-17 to 2018-10-21:
./autotimeline.py -f TargetServerMemory.raw -t 2018-10-17..2018-10-21
Extract timeline from all images in current directory, limited to a timeframe from 2018-10-17 to 2018-10-21:
./autotimeline.py -f ./*.raw -t 2018-10-17..2018-10-21
Extract timeline from TargetServerMemory.raw, using a custom memory profile:
./autotimeline.py -f TargetServerMemory.raw -p Win2008R2SP1x64
All timelines will be saved as $ORIGINALFILENAME-timeline.csv.
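Once a timeline CSV exists, an analyst usually wants to narrow it further and see where activity clusters. The script below is an added example, not part of autotimeliner: it re-applies a YYYY-MM-DD..YYYY-MM-DD timeframe to a timeline and counts events per hour. It assumes the CSV uses the sleuthkit `mactime -d` column layout and date format; the sample rows and all function names are constructed for illustration.

```python
import csv
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample rows in the assumed `mactime -d` layout (not real case data).
SAMPLE = """Date,Size,Type,Mode,UID,GID,Meta,File Name
Tue Oct 16 2018 23:59:59,0,m...,-,0,0,0,[PROCESS] svchost.exe
Wed Oct 17 2018 08:15:02,0,.a..,-,0,0,0,[PROCESS] cmd.exe
Wed Oct 17 2018 08:15:40,512,macb,-,0,0,1234,[MFT] Users/admin/tool.exe
,512,macb,-,0,0,1235,[MFT] Users/admin/tool.cfg
not-a-date,0,m...,-,0,0,0,[damaged row]
Sun Oct 21 2018 23:10:11,0,m...,-,0,0,0,[SHELLBAGS] Desktop
Mon Oct 22 2018 00:00:00,0,m...,-,0,0,0,[PROCESS] late.exe
"""

def parse_timeframe(spec):
    """Turn 'YYYY-MM-DD..YYYY-MM-DD' into a half-open [start, end) pair."""
    start_s, sep, end_s = spec.partition("..")
    if not sep:
        raise ValueError("expected YYYY-MM-DD..YYYY-MM-DD")
    start = datetime.strptime(start_s, "%Y-%m-%d")
    # This script's choice: treat the end date as inclusive of the whole day.
    end = datetime.strptime(end_s, "%Y-%m-%d") + timedelta(days=1)
    if end <= start:
        raise ValueError("timeframe ends before it starts")
    return start, end

def filter_timeline(lines, spec):
    """Return (rows inside the timeframe, count of rows with unusable dates)."""
    start, end = parse_timeframe(spec)
    kept, skipped, last = [], 0, None
    for row in csv.DictReader(lines):
        stamp = (row.get("Date") or "").strip()
        try:
            # Defensive assumption: a blank date inherits the previous timestamp.
            ts = datetime.strptime(stamp, "%a %b %d %Y %H:%M:%S") if stamp else last
        except ValueError:
            ts = None
        if ts is None:
            skipped += 1  # report damaged rows instead of silently dropping them
            continue
        last = ts
        if start <= ts < end:
            kept.append((ts, row["File Name"]))
    return kept, skipped

def busiest_hours(rows, top=3):
    """Count kept events per hour to surface bursts worth reading first."""
    counts = Counter(ts.strftime("%Y-%m-%d %H:00") for ts, _ in rows)
    return counts.most_common(top)

if __name__ == "__main__":
    kept, skipped = filter_timeline(SAMPLE.splitlines(), "2018-10-17..2018-10-21")
    print(len(kept), "events kept,", skipped, "rows skipped", busiest_hours(kept))
```

To run it on real output, pass an open file handle for the timeline CSV in place of SAMPLE.splitlines().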