What is a "supertimeline"?

A "supertimeline" brings timestamps from multiple sources together.

Name some sources of timestamps that can be used in a supertimeline.

  • filesystem timestamps (MACB)
  • logs (syslog, MS event, application, firewall, AV)
  • browser history, cookies, cache, bookmarks
  • Windows registry
  • email files
  • office docs
  • exif data (metadata from pics/vids)
  • recycle/trash bins
  • Win prefetch, restore, TLN, LNK files, other MS formats
  • volatility output files
  • captured network traffic (PCAP files)

Name a tool that can be used to generate a supertimeline.

log2timeline/plaso is a Python supertimeline framework with many parsers to extract timestamps from different file types.