GrrCon 2016 – Quick and Easy Windows Timelines with Python, MySQL, and Shell Scripting

Creating a timeline is a standard part of many forensic investigations. Often this process is difficult and/or time-consuming. In this talk, you will learn how to quickly and easily extract timeline information from NTFS filesystems using Python, store the data in a MySQL database, and easily perform standard queries with Bash scripts. Don’t spend hours with a limited tool like Autopsy trying to create a timeline when you can have results in minutes. A basic knowledge of Python and MySQL would be helpful for this talk, but is not required. Some NTFS basics will also be discussed in this talk.
