Tag: autotimeliner

AutoTimeliner Automagically extract forensic timeline from volatile memory dumps. How it works AutoTimeline automates this workflow: Identify the correct volatility profile for the memory image. Runs the timeliner plugin against volatile memory dump using volatility. Runs the mftparser volatility plugin, in order to extract $MFT from memory and generate a bodyfile. Runs the shellbags volatility plugin in order to generate a bodyfile…