Authors: Florian Buchholz (Purdue University), Courtney Falk (Purdue University)
DFRWS USA 2005
Abstract
In this paper we describe the design and implementation of Zeitline. Zeitline is a graphical timeline editor that allows a forensic investigator to create a timeline of events that were gathered from different sources, such as host MAC times, system logs, and firewalls. We present some background information, discuss the design of the tool, describe its features, and give an overview of how to improve the existing prototype.