Bug#792335: ITP: plaso -- super timeline all the things
Hilko Bengen
bengen at debian.org
Tue Jul 14 06:25:19 UTC 2015
Package: wnpp
Owner: Hilko Bengen <bengen at debian.org>
Severity: wishlist
* Package name : plaso
Version : 1.2.0
Upstream Author : Kristinn Gudjonsson, Joachim Metz, Daniel White
* URL or Web page : http://plaso.kiddaland.net/
* License : Apache-2.0
Description : super timeline all the things
Plaso (plaso langar að safna öllu) is the Python-based back-end engine
used by tools such as log2timeline for automatic creation of super
timelines. The goal of log2timeline (and thus plaso) is to provide a
single tool that can parse various log files and forensic artifacts
from computers and related systems, such as network equipment, to
produce a single correlated timeline. This timeline can then be easily
analysed by forensic investigators/analysts, speeding up
investigations by correlating the vast amount of information found on
an average computer system.

Plaso depends on Python bindings for a number of separate packages by
Joachim Metz for parsing specific file or disk formats. Debian does
contain of those libraries but none of the Python bindings yet: libbde
libesedb libevt libevtx libewf libfwsi liblnk libmsiecf libolecf libqcow
libregf libsmdev libsmraw libvhdi libvmdk libvshadow.