timesketch
hindsight
| | timesketch | hindsight |
|---|---|---|
| Mentions | 2 | 8 |
| Stars | 2,485 | 1,014 |
| Growth | 1.2% | - |
| Activity | 8.7 | 5.3 |
| Latest commit | 1 day ago | about 1 month ago |
| Language | Python | Python |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
timesketch
- Custom DFIR
  Want to put those processed plaso files in an elasticsearch instance? Check out Timesketch - https://github.com/google/timesketch.
- Any Timeline self hosted types of software?
hindsight
- Saving cached telegram messages from Edge
  I guess it would work like any Chromium cache, so first make a backup of your data (%AppData%\Local\Microsoft\Edge\User Data\Default\) and use https://github.com/obsidianforensics/hindsight. Telegram is encrypted, so I don't know how this is going to be readable.
- Browser Login Data Dates Earlier than Laptop Date
- Lost/Erased Monsters in Vault Recovered - Chrome - GiffyGlyph's Monster Maker
- QQT Browser History in CS for Detections at LEAST !?!? WIP ;)
  Invoke-WebRequest -Uri "https://github.com/obsidianforensics/hindsight/releases/download/v2021.12/hindsight.exe" -OutFile "C:\windows\Temp\ftech_temp\hindsight.exe"
- Forensic Tools for Browser Data
  Try hindsight https://github.com/obsidianforensics/hindsight. If it fails due to the file being damaged, try sqlitebrowser https://sqlitebrowser.org/dl/. If all else fails, strings it!
- Forensic script ideas?
- Evidence/ artifact for clearing chrome history?
  There is a tool called Hindsight which used to pull this data out. Article about using it here. Although the emphasis is on "used to" pull this out. I haven't used that technique in years and I suspect it might not work on modern Chrome.
- Help reading Chrome History file from 2010
  Hindsight (https://github.com/obsidianforensics/hindsight) should be able to parse every version of Chrome, including the early ones (2009/2010).
What are some alternatives?
plaso - Super timeline all the things
Sending your docker logs - Sending logs from docker containers to Logit.io
WELA - WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
RELY - RELY (Name composed on project members Romy, Esther, Lucille and Yassir) is a python tool developed to help a Digital Forensics Triage procedure on some Microsoft Windows devices.
TimelineJS - TimelineJS: A Storytelling Timeline built in JavaScript.
Logstash - Logstash - transport and process your logs, events, or other data
beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
chrome_password_grabber - Get unencrypted 'Saved Password' from Google Chrome
mac_apt - macOS (& iOS) Artifact Parsing Tool
woanware.github.io
MalConfScan - Volatility plugin for extracting configuration data of known malware
turbinia - Automation and Scaling of Digital Forensics Tools