plaso - Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines
Plaso (plaso langar að safna öllu) is the Python-based back-end engine
used by tools such as log2timeline for automatic creation of super
timelines. The goal of log2timeline (and thus plaso) is to provide a
single tool that can parse various log files and forensic artifacts from
computers and related systems, such as network equipment, to produce a
single correlated timeline. Forensic investigators and analysts can then
easily analyse this timeline, which speeds up investigations by correlating
the vast amount of information found on an average computer system.
An auxiliary goal of plaso is to provide forensic analysts and tool makers
with powerful libraries that they can use to access, find, read and parse
various files within disk images to create their own tools, or to adjust
log2timeline to their own workflow, instead of relying on the workflow
provided by log2timeline.py.
by Lawrence R. Rogers (2019-05-06):
* Release 20190331-2
This is the Python 3 version of plaso for Fedora 26-30 and
Python 2 in a virtual environment for CentOS/RHEL 7 and Fedora 24-25.