Generating Computer Forensic Super Timelines under Linux: A Comprehensive Guide for Windows-based Disk Images
Defence Research and Defence Canada - Valcartier Quebec, Quebec
This technical memorandum examines the basics of computer forensic filesystem timelines and provides an enhanced approach to generating superior timelines for improved filesystem analysis and contextual awareness. Timelines are improved by polling multiple sources of information across the filesystem, resulting in an approach that is surprisingly flexible and customizable. The timeline is further enhanced by incorporating key time-based metadata found across a disk image which, when taken as a whole, increases the forensic investigator's understanding.