-----------------------------------------------------------------------------
                         ROADMAP FOR LOG2TIMELINE
-----------------------------------------------------------------------------

This is the official roadmap for log2timeline. It is dynamic and reflects the
current status of the plans; it is in no way final and can change dramatically
and very suddenly, or be implemented accordingly. That being said, it
represents the current ideas about the development of the tool. Despite its
constant changes and updates, it gives a pretty good picture of where
log2timeline is headed and what to expect in coming releases.

Version 0.51 (Vista/Win7 artifacts)
- Add input modules that are Win7/Vista specific (such as...)
- Update other modules (XP Firewall Logs, SetupAPI) so that they are
  "compliant" with Win7/Vista
- Create an input module for NTUSER.DAT files and merge it with the userassist
  input module. Extract information inside NTUSER.DAT that is not currently
  part of the userassist module (other timestamp related information that is
  of value)
- Create a parser for $MFT (to gather timestamps from the NTFS filesystem),
  include every timestamp found both inside the $STANDARD_INFORMATION and
  $FILENAME attributes
- Add HH.DAT support
- Add wmiprov.log support
  (http://msdn.microsoft.com/en-us/library/aa827354%28VS.85%29.aspx)
- Add Dr. Watson log file
- Add a module for ShellBag, reconstruct user activity
- Create a new XML output module, using standard and optional fields (built
  around the timestamp object)
- Add a syslog input module
- Fix the threaded version of timescanner and make it the default one
- Add simple timescanner functionality into the GUI
- Break the description field of the timestamp object down into more detailed
  parts and create a new SQLite output module that takes advantage of it,
  thus creating a separate table for each source type

Version 0.52 (web history add-on - part II)
- Add FF input module (older versions) - need sample data before proceeding
- Add Safari history file input module (to begin with just the XML structure)
- Add Opera history file support (binary files)
- Create a Mac library file (the first task would be to decode the plist
  binary structure)

Version 0.53
- Add a general log file parser, that is a parser that takes as an input the
  structure of the log file and parses it accordingly. This input module only
  handles ASCII (or Unicode) log files that are well structured. Arguments
  need to be passed to this input module for building the structure, and the
  verify file part needs to take the parameters into account when verifying
  the correct file structure.
- Add a SAM database readout structure
- Add an input module for Word documents (older versions)

Version 0.54 (network files add-on)
- Add an input module for Cisco ACL entries
- Add an input module for IPTables firewall entries
- Add an input module for Linux syslog (or a general Linux log file format)
- Modify the squid input module so an option can be passed to parse an access
  log file with httpd file format emulated
- Fix the PCAP input module (collect connection information from TCP)

Version 0.55 (anti-virus log files)
- Add input modules for various anti-virus engines

Version 0.56 (mail box)
- Add support for MBOX files (input module)
- Consider adding other mailbox support

Version 0.57 (IM)
- Add MSN history files
- Add Yahoo messenger history files
- Add other IMs

Version 0.6
- Add the possibility to automatically guess the log file - integrate
  timescanner into the log2timeline tool
- Add the capability to provide aliases for each input module (so that input
  modules can be called by their aliases as well as their real names)
- Add Windows support to the tool. That is, make log2timeline available on the
  Windows platform. This means some radical changes, such as separator
  issues, as well as minor adjustments such as the location of temporary
  files and the installation process (providing an alternative installation
  method to the *NIX make && make install way). Otherwise Windows support
  should not be that difficult to achieve.

Version 0.7
- Add an update mechanism to log2timeline (the possibility to update the input
  and output modules directly without the need to update the entire tool)