-----------------------------------------------------------------------------------------------------------------------------
                                                  ROADMAP FOR LOG2TIMELINE
-----------------------------------------------------------------------------------------------------------------------------

This is the official roadmap for log2timeline. It is dynamic and
constantly changing: it reflects the current state of planning, is in no
way final, and can change dramatically and very suddenly, or be
implemented accordingly.

That being said, this roadmap represents the current ideas about the
development of the tool. Despite its constant changes and updates, it
gives a pretty good picture of where log2timeline is headed and what to
expect in coming releases.

Version 0.61
  - Fix the ShellBag addition to ntuser, make it work properly (disabled in version 0.51)
  - Add more IE Cookie support (parse the text files instead of only the index.dat file)
  - Add a module for Thumbs.db files
  - Add a SAM database readout structure
  - Add more specific registry key parsing (software + system)

  THE TOOL ITSELF
  - Break the description field down into more parts within the timestamp object
    (thus making new output modules possible)
  - Go through some optimization
  - Add Unicode support, especially to "fix" importing a timeline into Excel
    (might need UTF-16)

  OUTPUT MODULES
  - Create a new XML output module, using standard and optional fields
    (built around the timestamp object)
  - Break the description field down into more parts within the timestamp object
    and create a new SQLite output module that takes advantage of it, thus
    creating a separate table for each source type

Version 0.62
  - l2t_process
    - Change into Python (and do a bit of design before proceeding, this could
      turn into a monster)
    - Use Matplotlib to plot the scatter plot directly
    - Add any .exe files that reside in the temporary directory to the timeline
      (very suspicious)
    - Add the keyword itself into the notes field (to see why there was a hit)
    - Create a new timeline with the keyword hits and then 45 (changeable) lines
      above and below each keyword hit
  - log2timeline engine
    - Add a threaded version? As an option?
  - Add Java IDX files
  - Add Opera history file support (binary files)
  - Add some Plist parsing, add Mac OS X artifacts into the tool
  - Add an input module for Word documents (older versions)
  - Take a look at threading once again

Version 0.64 (network files add-on)
  - Add an input module for Cisco ACL entries
  - Add an input module for IPTables firewall entries
  - Fix the PCAP input module (collect connection information from TCP)

Version 0.65 (anti-virus log files)
  - Add input modules for various anti-virus engines

Version 0.66 (remote administration log files)
  - Add input modules for various remote administration tools
    (logmein, pcanywhere, vnc, ...)

Version 0.67 (mail box)
  - Add support for MBOX files (input module - Mail::Box::Mbox)
  - Consider adding other mailbox support (consider using a C library for
    PST/OST files and writing an XS Perl library to map between)
  - Add MSN history files
  - Add Yahoo messenger history files
  - Add other IMs (Skype chat, for instance)

Version 0.70
  - Add the capability to provide aliases for each input module (so that input
    modules can be called by their aliases as well as their real names)
  - Add Windows support to the tool, that is, make log2timeline available on the
    Windows platform. This means some radical changes, such as separator issues,
    as well as minor adjustments such as the location of temporary files and
    the installation process (providing an alternative method of installing
    rather than the make && make install *NIX way). Otherwise Windows support
    should not be that difficult to achieve.

Version 0.80
  - Add an update mechanism to log2timeline (the possibility to update the input
    and output modules directly without the need to update the entire tool).
    Basically, create a module manager where you can add or remove modules at
    will.