Timeline Generation (Plaso / log2timeline)
Community
Build a unified super-timeline fast.
System Documentation
What problem does it solve?
It solves the problem of correlating large volumes of digital evidence into a single, chronological timeline without manual searching across many artifact sources.
Core Features & Use Cases
- Super-timeline creation from diverse evidence: Ingest disk images, mounted filesystems, and individual files into a unified Plaso storage file for Windows, Linux, web history, and Android artifacts.
- Filtering, sorting, and exporting for pivoting: Export timelines to CSV/JSON/dynamic formats and filter by time ranges, keywords, or specific parser sources for rapid investigation.
- Focused ingest and extraction to reduce processing time: Run targeted parser sets or extract files from images to generate timelines when full ingestion is too slow or too broad.
Use Case: After mounting a Windows EWF/RAW image, generate a UTC super-timeline including VSS-preserved artifacts, then export a filtered CSV focused on PowerShell-related events within the suspected attack window.
Quick Start
Use the Timeline Generation skill to ingest a mounted Windows filesystem into a Plaso storage file and export a CSV timeline for analysis, then open the CSV in Timeline Explorer.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: Timeline Generation (Plaso / log2timeline)
Download link: https://github.com/rjonhaas/SIFTics/archive/main.zip#timeline-generation-plaso-log2timeline
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.