Welcome to the Plaso documentation¶
Plaso (Plaso Langar Að Safna Öllu), or super timeline all the things, is a Python-based engine used by several tools for automatic creation of timelines. Plaso default behavior is to create super timelines but it also supports creating more targeted timelines.
These timelines support digital forensic investigators/analysts, to correlate the large amount of information found in logs and other files found on an average computer.
The source code is available from the project page.
- User documentation
- How to get started
- Creating a timeline
- Using collection Filters
- Event filters
- Analysis plugins
- Tips and Tricks
- Log2Timeline Perl (Legacy)