Summary
In this chapter, we discussed timeline creation and timeline analysis in detail, using both open source and commercial forensic tools. We took an in-depth look at the commercial forensic tool X-Ways Forensics and at the open source plaso framework for log2timeline. We also touched upon using the kitchen sink approach or using a targeted examination of the dataset. Remember, we are not analyzing the contents of files, just the timelines associated with the files and other events contained within the operating system and filesystems.
In the next chapter, we will discuss the contents of files, specifically, Windows artifacts.