Friday, December 14, 2012
After what feels like a year of “not having a life”… I am happy to announce 4n6time :-)
4n6time, formerly "l2t_Review", is a free, cross-platform forensic tool for timeline creation and review. Since 4n6time is powered by Kristinn Gudjonsson’s amazing plaso engine, formerly log2timeline, users can now create, with a mouse, a raw timeline storage file from a disk image. Once a timeline has been created, it can be output to a 4n6time database (sqlite). Using 4n6time, you can then start review with the ability to filter, highlight, sort, tag, bookmark, and search on common data fields. Also included are basic reporting features as well as the ability to export subsets of data back into the CSV and timeline storage files.
Here are some highlights of 4n6time:
- Timeline creation wizard
- Robust filtering
- Event tagging, bookmarking, and (auto)highlighting like eDiscovery tools
- Interactive graphical representation of events
- File viewing, hashing, and exporting via data source (i.e. linking timeline to disk image or mount point)
- Basic reporting and charting
- Appending timelines from multiple data sources (cross-host timeline analysis)
- Ability to save work product back into timeline storage files
For more information check out the work-in-progress UserGuide, my blog, or go download an OSX or Windows binary from the Google Code page. Binaries for Linux and SIFT will also be released soon.