NBTempoW - timeline in Windows

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

NBTempoW - timeline in Windows

Nanni Bassetti
NBTempoW is a forensic tool for making timelines from block devices image files (raw, ewf,etc.). It uses TSK (The Sleuthkit) and it has been developed with Lazarus V. 1.6.2 ( Delphi compatible cross-platform IDE for Rapid Application Development). It runs only in Windows. If the device image file is splitted, you can select just the first chunk. https://github.com/nannib/NBTEMPOW

Enjoy it! ;-)

Dott. Nanni Bassetti
www.nannibassetti.com

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NBTempoW - timeline in Windows

Nanni Bassetti
Thanks to Derrick Karpo for warning of a problem in the file selection, I changed the system and now there is NBTempoW V. 2.0 ;-)

2017-03-02 22:04 GMT+01:00 Nanni Bassetti <[hidden email]>:
NBTempoW is a forensic tool for making timelines from block devices image files (raw, ewf,etc.). It uses TSK (The Sleuthkit) and it has been developed with Lazarus V. 1.6.2 ( Delphi compatible cross-platform IDE for Rapid Application Development). It runs only in Windows. If the device image file is splitted, you can select just the first chunk. https://github.com/nannib/NBTEMPOW

Enjoy it! ;-)

Dott. Nanni Bassetti
www.nannibassetti.com



--
Dott. Nanni Bassetti
CAINE project manager - http://www.caine-live.net

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NBTempoW - timeline in Windows

David Nides
just for kicks i tried running it quickly on a few images (e01) to see what the output looks like and it produced empty excels each time.

On Fri, Mar 3, 2017 at 4:28 AM, Nanni Bassetti <[hidden email]> wrote:
Thanks to Derrick Karpo for warning of a problem in the file selection, I changed the system and now there is NBTempoW V. 2.0 ;-)

2017-03-02 22:04 GMT+01:00 Nanni Bassetti <[hidden email]>:
NBTempoW is a forensic tool for making timelines from block devices image files (raw, ewf,etc.). It uses TSK (The Sleuthkit) and it has been developed with Lazarus V. 1.6.2 ( Delphi compatible cross-platform IDE for Rapid Application Development). It runs only in Windows. If the device image file is splitted, you can select just the first chunk. https://github.com/nannib/NBTEMPOW

Enjoy it! ;-)

Dott. Nanni Bassetti
www.nannibassetti.com



--
Dott. Nanni Bassetti
CAINE project manager - http://www.caine-live.net

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org



------------------------------------------------------------------------------
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NBTempoW - timeline in Windows

Nanni Bassetti
Hi David,
are you using NBTempoW 2.0? I guess yes...so, it's strange, because I and other people have tried on E01 and DD (raw) images and it works fine. Did you select a date range? Or did you use no parameters?
Let me know :-)
BTW you can try using tsk_gettimes.exe disk.E01 | mactime exe -d 0000-00-00 > timeline.csv you can find them in \bin directory, so you can check using only TSK tools without my GUI and let me know if it works.
Thank you

2017-03-06 19:43 GMT+01:00 David Nides <[hidden email]>:
just for kicks i tried running it quickly on a few images (e01) to see what the output looks like and it produced empty excels each time.

On Fri, Mar 3, 2017 at 4:28 AM, Nanni Bassetti <[hidden email]> wrote:
Thanks to Derrick Karpo for warning of a problem in the file selection, I changed the system and now there is NBTempoW V. 2.0 ;-)

2017-03-02 22:04 GMT+01:00 Nanni Bassetti <[hidden email]>:
NBTempoW is a forensic tool for making timelines from block devices image files (raw, ewf,etc.). It uses TSK (The Sleuthkit) and it has been developed with Lazarus V. 1.6.2 ( Delphi compatible cross-platform IDE for Rapid Application Development). It runs only in Windows. If the device image file is splitted, you can select just the first chunk. https://github.com/nannib/NBTEMPOW

Enjoy it! ;-)

Dott. Nanni Bassetti
www.nannibassetti.com



--
Dott. Nanni Bassetti
CAINE project manager - http://www.caine-live.net

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org





--
Dott. Nanni Bassetti
CAINE project manager - http://www.caine-live.net

------------------------------------------------------------------------------
Announcing the Oxford Dictionaries API! The API offers world-renowned
dictionary content that is easy and intuitive to access. Sign up for an
account today to start using our lexical data to power your apps and
projects. Get started today and enter our developer competition.
http://sdm.link/oxford
_______________________________________________
sleuthkit-users mailing list
https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
http://www.sleuthkit.org
Loading...