Log2Timeline
Log2Timeline is a command-line tool used in digital forensics to extract timestamped events from a variety of log sources and to produce a chronological timeline. It is a core component of the Plaso framework and is designed to consolidate disparate artifacts into a single event chronology that can aid investigations and incident response.
Origin and design: Log2Timeline was developed to standardize the extraction of timeline data from many forensic
Workflow: Users typically collect forensic artifacts from a target system, run log2timeline to build a Plaso
Features and scope: log2timeline supports parsing a broad set of artifact types through parsers, including Windows