Blog Entries.

There are often entries on the SANS blog: see here. (n.b. this link may be updated and therefore be broken.

• Blog post about log2timeline and SIFT.
• Plugin creation.
• A must read blog post from Rob Lee about log2timeline usage.
• A great blog post from David Nides about hybrid approach to timeline analysis.
• A great cheat sheet for log2timeline by David Nides.
• Using Tapetry to analyze log2timeline data
• Using Splunk to analyze log2timeline data
• USB history and log2timeline
• HOWTO switch from sources to apt-get in SIFT
• Discussions about the changes made in version 0.50
• Timeline Analysis 101
• Chris discussing timescanner
• Chris discussing log2timeline
• Paul discussing log2timeline and Encase
• Paul discussing log2timeline
• Rob Lee talkin about supertimeline creation
• Talk about the sol input module, for flash cookies
• Release of version 0.41 as well as talk about the update of Firefox input module
• Talk about the newly added Google Chrome's history
• Discussion of new version, 0.41 as well as Firefox bookmarks
• Discussion about new input modules in version 0.41
• Timeline Visualization
• Part two of the blog post on the SANS forensic blog, solving the hypothetical case
• Blog post on the SANS forensic blog, introducing the tool as well as a hypothetical case (the analysis itself is contained in the next post)
• First blog post about the subject (using version 0.12b)