Jumping straight back in with no news of what’s been happening, apart from a new job, and me generally forgetting about this altogether.
If you want a simple way to get timelining with log2timeline & plaso, running it on Ubuntu is really easy.
You’ll need:
VirtualBox installer
Ubuntu iso
Direct Internet Access (I had challenges going through the proxy with apt, so would recommend this for ease of use).
Here’s how to get it happening:
1. Install VirtualBox (instructions here: https://brb.nci.nih.gov/seqtools/installUbuntu.html)
2. Install Ubuntu
3. sudo apt-get install build-essential gcc make perl dkms
   # This pre-empts Ubuntu's requirement when you try to install Guest Additions
4. Install VMWare Guest Additions
5. Reboot
6. Install Plaso:
7. sudo add-apt-repository ppa:gift/stable
8. sudo apt-get update
9. sudo apt-get install plaso-tools
Wondering where the log2timeline and/or plaso scripts have been installed? Check with dpkg -L plaso-tools.
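Steps 7 to 9 and the dpkg check above, wrapped into a script as an added example (not from the original post): it installs plaso-tools from the GIFT PPA only if log2timeline.py is missing, filters the dpkg listing down to the command-line tools, and runs a first timeline. The log2timeline.py/psort.py options used are those of current plaso releases, which is an assumption about the version the PPA ships.

```shell
#!/bin/sh
# Added example: install plaso from the GIFT PPA, locate its tools, and run a
# first timeline. Not part of the original post.
set -eu

# Steps 7-9 of the post, skipped when plaso is already present.
install_plaso() {
    if command -v log2timeline.py >/dev/null 2>&1; then
        echo "plaso already installed: $(command -v log2timeline.py)"
        return 0
    fi
    sudo add-apt-repository -y ppa:gift/stable
    sudo apt-get update
    sudo apt-get install -y plaso-tools
}

# Reduce a `dpkg -L plaso-tools` listing (read from stdin) to the executables
# under /usr/bin, sorted one per line. Pure text processing, so it works
# without the package installed.
plaso_tool_paths() {
    grep -E '^/usr/bin/[^/]+$' | LC_ALL=C sort
}

# Answer "where did the scripts go?" directly from the package database.
show_plaso_tools() {
    dpkg -L plaso-tools | plaso_tool_paths
}

# Minimal end-to-end check on a directory of evidence: build the storage file
# with log2timeline.py, then export a CSV timeline with psort.py.
quick_timeline() {
    source_dir="$1"; storage="$2"; csv="$3"
    log2timeline.py --storage-file "$storage" "$source_dir"
    psort.py -o l2tcsv -w "$csv" "$storage"
}

# Usage: sh plaso_setup.sh --install [EVIDENCE_DIR]
if [ "${1:-}" = "--install" ]; then
    install_plaso
    show_plaso_tools
    if [ -n "${2:-}" ]; then
        quick_timeline "$2" ./timeline.plaso ./timeline.csv
    fi
fi
```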
Have fun timelining/forensicating/ctf’ing ‘all the things’