If you’re a macOS user supporting Windows digital forensics, you’ll love IRFlow Timeline:

“A high-performance native macOS application for DFIR timeline analysis. Built on Electron + SQLite to handle large files for forensic timelines (CSV, TSV, XLSX, EVTX, Plaso) without breaking a sweat. Inspired by Eric Zimmerman's Timeline Explorer for Windows.”

https://github.com/r3nzsec/irflow-timeline

/cc @taylorparizo @timb_machine @tazwake @4enzikat0r #DFIR

GitHub - r3nzsec/irflow-timeline: DFIR Timeline Analysis for macOS — SQLite-backed viewer for CSV, TSV, XLSX, EVTX, and Plaso files with built-in process inspection, lateral movement tracking, and persistence detection.

@snkhan Very nice!

How hard do you think it would be to get this working on Linux distros?

@tazwake Hi Taz, I’m guessing with this being an Electron app, it should theoretically be possible to compile it for Linux. Especially as some of the underlying libraries are already being used by the likes of Chainsaw and Hayabusa.

Edit: Looks like it uses Swift and some macOS specific frameworks including AppKit, so unlikely to compile without heavily modifying the code and rebuilding the UI.