AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Table of Contents

Conclusion

I’ve only recently started using Timeline Explorer shortly after I took SANS FOR508 in July 2020. That was my first exposure to Timeline Explorer in a class setting. Shortly after class and back at work, I was using Excel and I was having fits with it in dealing with larger CSV files (>400mb) so I decided to give Timeline Explorer a try. It handled those larger CSV outputs a lot better and it allowed me to experience some of the quality of life features I mentioned earlier. I quickly adopted Timeline Explorer as my daily driver for examining CSV output and I haven’t looked back since. I’ll use Excel for a few things here and there when I need to but most of my analysis occurs in Timeline Explorer now. Hopefully this guide has been helpful in illustrating some of the features that can help make your analysis easier and more efficient! If anyone has any suggestions, please let me know!

Timeline Explorer-Related Blog Posts/Videos

Introducing Timeline Explorer v0.4.0.0

Enhancing Event Log Analysis with EvtxECmd using KAPE

Episode 87: Introducing and Using Timeline Explorer

Change Log

  • 8/19/2020 – Initial version published.
  • 8/21/2020 – New GIFs added for new features added in 1.1.0.0.
  • 8/25/2020 – Fixed potentially broken links in Table of Contents
  • 9/1/2020 – Added GIFs for new 1.1.1.0 features
  • 10/28/2020 – Added pictures for new 1.1.3.0 features
  • 11/12/2020 – Added new GIF for a feature I was previously unaware of (drag and select items while filtering from column header)
  • 12/13/2020 – Added link to GitHub repository that hosts KAPE !EZParser output
  • 4/17/2021 – Added new links