Quick and Easy Windows Timelines with Python, MySQL, and Shell Scripting presented at GrrCon 2016

by Phil Polstra

Summary: Creating a timeline is a standard part of many forensic investigations. Often this process is difficult and/or time-consuming. In this talk, you will learn how to quickly and easily extract timeline information from NTFS filesystems using Python, store the data in a MySQL database, and easily perform standard queries with Bash scripts. Don’t spend hours with a limited tool like Autopsy trying to create a timeline when you can have results in minutes.
A basic knowledge of Python and MySQL would be helpful for this talk, but is not required. Some NTFS basics will also be discussed in this talk.