PTK DFLabs
Follow DFLabs on twitter Follow DFLabs on YouTube

border_sx   Italian  Russian border_dx

PTK section:

New Articles rss

  • 2010-07-21 - Robust Process Scanner in PTK Forensics: done!

  • 2010-06-01 - Meet the PTK team at The Sleuth Kit and Open Source Digital Forensics Conference

  • 2010-05-14 - SANS Investigative Forensic Toolkit e PTK Forensics: made simple!

  • 2010-04-26 - DFLabs PTK Forensics new version is available Thru SANS Institute's SIFT Virtual Machine

  • 2010-04-24 - New PTK and IncMan suite Video Available for your demo purposes.

  • 2010-02-20 - New DFLabs YoutTube Channel.

  • 2010-02-04 - PTK Forensics: New Webinar session.

  • 2010-02-01 - PTK Forensics, the new website is online.

  • 2009-11-14 17:31:11 - New PTK roadmap

  • 2009-09-30 14:10:01 - DFLabs is proud to announce that the data carving is available

Validator:

Valid XHTML 1.0 Transitional
CSS Valido!

Timeline

 

The disk timeline helps investigators to focus their attention on all changes done during a determined time interval. It visualizes the temporal succession of all activities that took place on the file, both allocated and unallocated: these activities are tracked through metadata analysis known as MACB time (Modification, Access, Creation, Birth).



There are two timeline types:



  • TAB : fields that can be ordered, file analysis and export features
  • GRAPHIC: the trend on file of all actions on the file.



The latter is a powerful tool that enables the visualization of access peaks, modifications and creations.

The timeline uses primarily two tools:

  • Live Search: dls + srch_strings + grep
  • Data gathered from live search: ifind + istat + grep




  main search host

 

  main search host