Automating Log / Timeline Analysis

MisterShak · December 12, 2017, 9:40pm

I haven’t gotten around to it yet but I think this is a must for automation:

Thoughts, alternatives?

@dave @mike.mitchell @SwedishMike @mark.vankempen @michael.butler

mike.mitchell · December 13, 2017, 4:27am

I’ve never seen that tool before but it looks like it would be a perfect fit from most DFIR workflows. It looks like tool has a pretty well defined API as well.

github.com

google/timesketch/blob/master/api_client/python/timesketch_api_client/client.py

# Copyright 2017 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Timesketch API client."""

import json
import uuid
import BeautifulSoup
import requests

This file has been truncated. show original

craigm · March 16, 2018, 8:56pm

log2timeline is a good tool for this. It was a part of the SIFT wks toolset (SANS DFIR).

Topic		Replies	Views
[PYTHON]: Here's a class to clean JSON data SecOps	0	2639	June 21, 2019
Python and Unicode: Two Helpful Resources SecOps	0	1385	January 9, 2019
Handling API errors using Python requests SecOps	5	24562	December 4, 2020
Getting started with python Tools	2	1384	April 2, 2018
Filter imported email by string in body DevOps	0	1497	October 22, 2019

Automating Log / Timeline Analysis

Related Topics