Generating Computer Forensic Super Timelines under Linux: A Comprehensive Guide for Windows-based Disk Images

Abstract

This technical memorandum examines the basics surrounding computer forensic filesystem timelines and provides an enhanced approach to generating superior timelines for improved filesystem analysis and contextual awareness. Timelines are improved by polling multiple sources of information across the filesystem, resulting in an approach that is surprisingly flexible and customizable. The timeline is further enhanced by incorporating key time-based metadata found across a disk image which, when taken as a whole, increases the forensic investigator's understanding.

Document Details

Document Type: Technical Report
Publication Date: Oct 01, 2011
Accession Number: AD1003976

Entities

People

  • C. Bean
  • Richard Carbone

Tags

DTIC Thesaurus Topics

  • Computational Forensics
  • Computer Program Documentation
  • Computer Program Reliability
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Graphical User Interface
  • Information Systems
  • Intrusion Detection
  • Intrusion Detectors
  • Malware
  • Operating Systems
  • Scripting Languages
  • Shell Scripts
  • Web Browsers

Readers

  • Cybersecurity
  • Parallel and Distributed Computing
  • Systems Analysis and Design