Automation of Report and Timeline-file based file and URL analysis

Automation of Report and Timeline-file based file and URL analysis (PDF, 2.82MB)
Published: 06 May, 2014
Created by: Florian Eichelberger

The objective of this paper is to describe the workings of a highly extensible, high-performance, automatic timeline report parsing tool. The proposed tool, Log:Mole, can process log2timeline CSV export files and mactime-based bodyfiles. The tool can process these file types from both online and offline systems. This capability enables the tool to provide an automated, up-to-date mechanism for weeding out files that are known-good and known-bad. If the files that are referenced in the log2timeline report are accessible to Log:Mole, it is able to gather additional information on their nature by passing them to various analyzing modules and combining the results. Thus Log:Mole can provide additional information not available solely from the log files. The proposed tool will greatly reduce the overwhelming amount of data requiring in-depth analysis, and it runs atop both Windows and Linux. Moreover, it supports very large input-based report files while remaining high-performance, making it suitable for large investigations. Finally, this paper examines use cases and examples and provides a conclusion and possible future work to be carried out, including implementing data visualization and metadata extraction capabilities.
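The two-stage workflow the abstract describes (parse a mactime bodyfile or log2timeline CSV export, then weed out referenced files that are known-good or known-bad when the files themselves are reachable) can be illustrated with a small script. The following is an added example written for this page; it is not Log:Mole's code and makes no claim about its internals. It assumes the standard TSK 3.x bodyfile layout (`MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime`) and the l2t_csv export header with a `filename` column; the sample timeline lines, the in-memory "file system" and the known-hash sets are all constructed for the demo, where a real deployment would draw hashes from a reference set such as NSRL and read files from the mounted image.

```python
"""Added example (not Log:Mole's code): parse mactime bodyfiles and
log2timeline CSV exports into one record type, then classify the
referenced files by hash against known-good / known-bad sets."""
import csv
import hashlib
import io
from dataclasses import dataclass
from typing import Dict, List, Mapping, Optional, Set


@dataclass
class TimelineEntry:
    path: str             # file the timeline line refers to
    source: str           # "bodyfile" or "l2t_csv"
    mtime: Optional[int]  # epoch seconds when the format carries it


# TSK 3.x body format: MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
BODY_FIELDS = 11


def parse_bodyfile(text: str) -> List[TimelineEntry]:
    """Parse mactime bodyfile lines; malformed lines are skipped so one bad
    row does not abort a multi-gigabyte report."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) != BODY_FIELDS:
            continue
        entries.append(TimelineEntry(path=fields[1], source="bodyfile",
                                     mtime=int(fields[8])))
    return entries


def parse_l2t_csv(text: str) -> List[TimelineEntry]:
    """Parse a log2timeline CSV export; the 'filename' column names the file."""
    entries = []
    for row in csv.DictReader(io.StringIO(text)):
        name = (row.get("filename") or "").strip()
        if name:
            entries.append(TimelineEntry(path=name, source="l2t_csv", mtime=None))
    return entries


def classify(entries: List[TimelineEntry], files: Mapping[str, bytes],
             known_good: Set[str], known_bad: Set[str]) -> Dict[str, str]:
    """Hash each referenced file once and label it. Files that are not
    reachable (offline report only) are marked 'unavailable' rather than
    silently treated as clean."""
    verdicts: Dict[str, str] = {}
    for e in entries:
        if e.path in verdicts:
            continue
        data = files.get(e.path)
        if data is None:
            verdicts[e.path] = "unavailable"
            continue
        digest = hashlib.sha256(data).hexdigest()
        if digest in known_bad:          # check bad first: a hash collision with
            verdicts[e.path] = "known-bad"   # a good set must never hide malware
        elif digest in known_good:
            verdicts[e.path] = "known-good"
        else:
            verdicts[e.path] = "unknown"
    return verdicts


# ---- constructed sample data (not from a real case) ----
BODYFILE_SAMPLE = """0|/Windows/System32/calc.exe|1234|r/rrwxrwxrwx|0|0|897024|1399300000|1399300000|1399300000|1399300000
0|/Users/alice/Downloads/invoice.exe|5678|r/rrwxrwxrwx|0|0|51200|1399310000|1399310000|1399310000|1399310000
0|/Users/alice/notes.txt|9012|r/rrw-rw-rw-|0|0|120|1399320000|1399320000|1399320000|1399320000
"""

L2T_CSV_SAMPLE = (
    "date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,"
    "version,filename,inode,notes,format,extra\n"
    "05/05/2014,14:02:11,UTC,M...,FILE,NTFS,Last Written,-,HOST1,short,desc,"
    "2,/Users/alice/Downloads/invoice.exe,5678,-,filestat,-\n"
)

# Constructed stand-in for the mounted image; notes.txt is deliberately absent.
FILES: Dict[str, bytes] = {
    "/Windows/System32/calc.exe": b"MZ constructed known-good binary",
    "/Users/alice/Downloads/invoice.exe": b"MZ constructed known-bad sample",
}
KNOWN_GOOD = {hashlib.sha256(FILES["/Windows/System32/calc.exe"]).hexdigest()}
KNOWN_BAD = {hashlib.sha256(FILES["/Users/alice/Downloads/invoice.exe"]).hexdigest()}


def run_demo():
    """Return (verdict per path, timeline entries still needing analyst review)."""
    entries = parse_bodyfile(BODYFILE_SAMPLE) + parse_l2t_csv(L2T_CSV_SAMPLE)
    verdicts = classify(entries, FILES, KNOWN_GOOD, KNOWN_BAD)
    remaining = [e for e in entries if verdicts[e.path] != "known-good"]
    return verdicts, remaining


if __name__ == "__main__":
    verdicts, remaining = run_demo()
    for path, verdict in verdicts.items():
        print(f"{verdict:12} {path}")
    print(f"{len(remaining)} timeline entries left for review")
```

The point of the `unavailable` verdict is the distinction the abstract draws between online and offline input: when Log:Mole-style processing only has the report, a file that cannot be hashed must stay in the review set instead of being dropped, so the reduction comes only from entries positively matched as known-good.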