Timeline Analysis in DFIR, Full Process Explained

Описание: Timeline Analysis is one of the MOST important factor while doing Forensic Analysis on any Disk Image or captured Memory Image. In this episode, we'll take an in-depth look at how to to create a super timeline of events on a computer system most specifically on a memory dump . This is made possible by the automatic parsing of numerous forensic artifacts alongside the extraction of their associated timestamps. The result can be an investigator's dream, providing a single place to look to "find evil" and potentially solve a case. The process isn't without its caveats, but don't worry - we'll cover everything you need to know to get started!

We will also show you some cool scripting by which you can automate the full process of creating the timeline and then map it to a csv format for quick examination with Timeline Explorer tool created by Eric Zimmerman.

🔗LINKs for your requirements-
-------------------------------------------------------------------------------------------------------------------------
1. AutoTimeliner- https://github.com/andreafortuna/auto...
2. Timeline Explorer- https://ericzimmerman.github.io/#!ind...
3. Plaso Documentation- https://plaso.readthedocs.io/en/latest
4. SANS Timeline Template- https://www.sans.org/blog/digital-for...

🔗Related Episodes-
-------------------------------------------------------------------------------------------------------------------------
1. Autopsy-    • Видео  
2. Digital Forensics Case Study-    • Windows Forensics Analysis- Part1, Identif...  

WATCH BELOW Playlists as well, if you want to make your career in DFIR and Security Operations!!
-------------------------------------------------------------------------------------------------------------------------
INCIDENT RESPONSE TRAINING Full Course 👉   • BlackPerl DFIR  || INCIDENT RESPONSE TRAIN...  
DFIR Free Tools and Techniques 👉    • BlackPerl DFIR || DFIR Tools and Techniques  
Windows and Memory Forensics 👉    • BlackPerl DFIR || Windows and Memory Foren...  
Malware Analysis 👉    • BlackPerl DFIR || Malware Analysis Series  
SIEM Tutorial 👉    • BlackPerl DFIR || Learn SIEM with me & Cre...  
Threat Hunt & Threat Intelligence 👉    • BlackPerl DFIR || Threat Hunt & Threat Int...  

⌚
Timelines
-------------------------------------------------------------------------------------------------------------------------
0:00 ⏩ Introduction
1:04 ⏩ Why it is important
2:44 ⏩ Manual Timeline Creation
8:00 ⏩ Timeline Explorer
11:58 ⏩ Automate the Process
15:27 ⏩ SANS Timeline Excel Format
16:20 ⏩ Summarize

📞📲
FOLLOW ME EVERYWHERE-
-------------------------------------------------------------------------------------------------------------------------
✔ LinkedIn:   / blackperl  
✔ You can reach out to me personally in LinkedIn as well- https://bit.ly/38ze4L5
✔ Twitter: @blackperl_dfir
✔ Git: https://github.com/archanchoudhury
✔ Insta: (blackperl_dfir)  / blackperl_dfir  
✔ Can be reached via [email protected]

SUPPORT BLACKPERL
-------------------------------------------------------------------------------------------------------------------------
╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗
║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣
╠╗║╚╝║║╠╗║╚╣║║║║║═╣
╚═╩══╩═╩═╩═╩╝╚╩═╩═╝
➡️ SUBSCRIBE, Share, Like, Comment
☕ Buy me a Coffee 👉 https://www.buymeacoffee.com/BlackPerl
📧 Sponsorship Inquiries: [email protected]

-------------------------------------------------------------------------------------------------------------------------
🙏 Thanks for watching!! Be CyberAware!! 🤞