Plaso

Plaso Langar Að Safna Öllu, which translates to 'super timeline all the things', is an engine based on Python. It is utilized by various tools for the automatic generation of timelines.

These timelines assist digital forensic investigators and analysts in correlating the vast amount of information found in logs and other files typically located on an average computer.

The original purpose of Plaso was to gather all timestamped events of interest from a computer system and compile them into a single location for the purpose of computer forensic analysis, commonly referred to as the Super Timeline.

However, Plaso has become a framework that supports: adding new parsers or parsing plug-ins; adding new analysis plug-ins; and writing one-off scripts to automate repetitive tasks in computer forensic analysis or equivalent. Additionally, it is moving to support: adding new general-purpose parsers/plugins that may not have timestamps associated with them; providing more analysis context; tagging events; and enabling a more targeted approach to the collection and parsing of data.