
Thread: New stuff

  1. #1
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672

    New software

    A new version of Helix is available. 7-28-2005 if you don't have it yet.


    There is also a new tool on the block, released by the Purdue Forensics team (you know... where Carrier started).
    The tool is Zeitline, a Java-based timeline viewer and editor for TSK's fls and ils commands. It's pretty cool, you guys should check it out.

    http://www.cerias.purdue.edu/homes/f...s/timeline.php
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  2. #2
    Zeitline looks promising. Thanks for the link!


  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    For example, the three events "access program gcc", "access file x" and "access library y" could be grouped together into a super event by an investigator labeled "compile program x", which in turn could be part of another super event "install rootkit z".
    I haven't run the application yet, but on a busy workstation it just seems to me that finding something would be trying to find a needle in a haystack.

    What would be interesting to see would be this application incorporating some other well known Linux forensic tools, to create a sort of suite, with the timeline at the core.
    ...This Space For Rent.

    -[WebCarnage]

  4. #4
    Junior Member
    Join Date
    Jan 2004
    Posts
    12
    Yo Hogfly, thanks for the link, I can't wait to use it.

  5. #5
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    Originally posted here by [WebCarnage]
    I haven't run the application yet, but on a busy workstation it just seems to me that finding something would be trying to find a needle in a haystack.

    What would be interesting to see would be this application incorporating some other well known Linux forensic tools, to create a sort of suite, with the timeline at the core.
    The idea is that it incorporates into TSK and Autopsy, i.e. it takes the output of fls (from TSK) and puts it in a GUI timeline that can be used to create "super events". It's alpha right now, so there is still lots of work to be done, but be sure that since it's from Florian at CERIAS and Carrier is from CERIAS, the two will play nicely.
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust
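
Added example, not part of the thread and not Zeitline's code: a sketch of the workflow discussed above, turning fls-style output into a sorted timeline and folding atomic events into nested "super events". It assumes the pipe-delimited body-file layout of later TSK releases; the sample lines, timestamps and all function names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample in the TSK 3.x body format (assumed layout):
# MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
BODY = """\
0|/usr/bin/gcc|1201|r/rrwxr-xr-x|0|0|90112|1122550000|1100000000|1100000000|0
0|/tmp/x.c|3307|r/rrw-r--r--|0|0|2048|1122550002|1122549000|1122549000|0
0|/usr/lib/liby.so|1450|r/rrwxr-xr-x|0|0|40960|1122550003|1100000000|1100000000|0
0|/tmp/x|3308|r/rrwxr-xr-x|0|0|8192|1122550100|1122550004|1122550004|0
"""

@dataclass
class Event:
    time: int
    label: str
    children: list = field(default_factory=list)  # non-empty => super event

    def leaves(self):
        """Flatten a (possibly nested) super event back to atomic events."""
        return [x for c in self.children for x in c.leaves()] or [self]

def parse_body(text):
    """Expand each body line into one atomic event per non-zero timestamp."""
    events = []
    for line in text.splitlines():
        f = line.split("|")
        if len(f) != 11:
            continue  # skip malformed lines instead of guessing at fields
        for kind, ts in zip(("access", "modify", "change", "create"), f[7:11]):
            if int(ts) > 0:
                events.append(Event(int(ts), f"{kind} {f[1]}"))
    return sorted(events, key=lambda e: (e.time, e.label))

def group(timeline, members, label):
    """Replace `members` in the timeline with one super event holding them."""
    if not members:
        return timeline
    ids = {id(m) for m in members}
    rest = [e for e in timeline if id(e) not in ids]
    kids = sorted(members, key=lambda e: e.time)
    return sorted(rest + [Event(kids[0].time, label, kids)], key=lambda e: e.time)

def pick(timeline, lo, hi, kind="access"):
    """Select top-level events of one kind inside a time window (inclusive)."""
    return [e for e in timeline if lo <= e.time <= hi and e.label.startswith(kind)]

def demo():
    tl = parse_body(BODY)
    tl = group(tl, pick(tl, 1122550000, 1122550003), "compile program x")
    return group(tl, pick(tl, 1122550000, 1122550100, ""), "install rootkit z")
```

Grouping only collapses the view: `leaves()` always recovers the original atomic events, so the underlying evidence is never altered by the investigator's labels.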
