├── .editorconfig ├── .gitignore ├── LICENSE ├── MANIFEST.in ├── Makefile ├── README.md ├── docs ├── 0_Intro.md ├── 1_Tutorial.md ├── 2_Installation_and_requirements.md ├── 3_Architecture.md ├── 4_Configuration.md ├── 5_Existing_plugins.md ├── 6_Develop_your_own_plugin.md ├── 7_Licenses.md └── 8_FAQ.md ├── pyproject.toml ├── src └── orc2timeline │ ├── __init__.py │ ├── __main__.py │ ├── cli.py │ ├── conf │ └── Orc2Timeline.yaml │ ├── config.py │ ├── core.py │ ├── info.py │ ├── plugins │ ├── AmCacheToTimeline.py │ ├── EventLogsToTimeline-eventmap.txt │ ├── EventLogsToTimeline.py │ ├── FirefoxHistoryToTimeline.py │ ├── GenericToTimeline.py │ ├── I30InfoToTimeline.py │ ├── NTFSInfoToTimeline.py │ ├── RecycleBinToTimeline.py │ ├── RegistryToTimeline-important-keys.txt │ ├── RegistryToTimeline.py │ ├── USNInfoToTimeline.py │ ├── UserAssistToTimeline.py │ └── __init__.py │ └── py.typed └── tests ├── __init__.py ├── conftest.py ├── data ├── conf_7_archives │ ├── ORC_Server_FAKEMACHINE_Browsers.7z │ ├── ORC_Server_FAKEMACHINE_Detail.7z │ ├── ORC_Server_FAKEMACHINE_General.7z │ ├── ORC_Server_FAKEMACHINE_Little.7z │ └── ORC_Server_FAKEMACHINE_SAM.7z └── null_csv │ ├── ORC_Server_FAKEMACHINE_Browsers.7z │ ├── ORC_Server_FAKEMACHINE_Detail.7z │ ├── ORC_Server_FAKEMACHINE_General.7z │ ├── ORC_Server_FAKEMACHINE_Little.7z │ └── ORC_Server_FAKEMACHINE_SAM.7z ├── output └── .gitignore ├── test_cli.py ├── test_config.py └── test_core.py /.editorconfig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/.editorconfig -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/LICENSE -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/MANIFEST.in -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/README.md -------------------------------------------------------------------------------- /docs/0_Intro.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/docs/0_Intro.md -------------------------------------------------------------------------------- /docs/1_Tutorial.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/docs/1_Tutorial.md -------------------------------------------------------------------------------- /docs/2_Installation_and_requirements.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/docs/2_Installation_and_requirements.md -------------------------------------------------------------------------------- /docs/3_Architecture.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/docs/3_Architecture.md -------------------------------------------------------------------------------- /docs/4_Configuration.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/docs/4_Configuration.md -------------------------------------------------------------------------------- /docs/5_Existing_plugins.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/docs/5_Existing_plugins.md -------------------------------------------------------------------------------- /docs/6_Develop_your_own_plugin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/docs/6_Develop_your_own_plugin.md -------------------------------------------------------------------------------- /docs/7_Licenses.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/docs/7_Licenses.md -------------------------------------------------------------------------------- /docs/8_FAQ.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/docs/8_FAQ.md -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/pyproject.toml -------------------------------------------------------------------------------- /src/orc2timeline/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/__init__.py -------------------------------------------------------------------------------- /src/orc2timeline/__main__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/__main__.py -------------------------------------------------------------------------------- /src/orc2timeline/cli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/cli.py -------------------------------------------------------------------------------- /src/orc2timeline/conf/Orc2Timeline.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/conf/Orc2Timeline.yaml -------------------------------------------------------------------------------- /src/orc2timeline/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/config.py -------------------------------------------------------------------------------- /src/orc2timeline/core.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/core.py -------------------------------------------------------------------------------- /src/orc2timeline/info.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/info.py -------------------------------------------------------------------------------- /src/orc2timeline/plugins/AmCacheToTimeline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/plugins/AmCacheToTimeline.py -------------------------------------------------------------------------------- /src/orc2timeline/plugins/EventLogsToTimeline-eventmap.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/plugins/EventLogsToTimeline-eventmap.txt -------------------------------------------------------------------------------- /src/orc2timeline/plugins/EventLogsToTimeline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/plugins/EventLogsToTimeline.py -------------------------------------------------------------------------------- /src/orc2timeline/plugins/FirefoxHistoryToTimeline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/plugins/FirefoxHistoryToTimeline.py -------------------------------------------------------------------------------- /src/orc2timeline/plugins/GenericToTimeline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/plugins/GenericToTimeline.py -------------------------------------------------------------------------------- /src/orc2timeline/plugins/I30InfoToTimeline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/plugins/I30InfoToTimeline.py -------------------------------------------------------------------------------- /src/orc2timeline/plugins/NTFSInfoToTimeline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/plugins/NTFSInfoToTimeline.py -------------------------------------------------------------------------------- /src/orc2timeline/plugins/RecycleBinToTimeline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/plugins/RecycleBinToTimeline.py -------------------------------------------------------------------------------- /src/orc2timeline/plugins/RegistryToTimeline-important-keys.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/plugins/RegistryToTimeline-important-keys.txt -------------------------------------------------------------------------------- /src/orc2timeline/plugins/RegistryToTimeline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/plugins/RegistryToTimeline.py -------------------------------------------------------------------------------- /src/orc2timeline/plugins/USNInfoToTimeline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/plugins/USNInfoToTimeline.py -------------------------------------------------------------------------------- /src/orc2timeline/plugins/UserAssistToTimeline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/src/orc2timeline/plugins/UserAssistToTimeline.py -------------------------------------------------------------------------------- /src/orc2timeline/plugins/__init__.py: -------------------------------------------------------------------------------- 1 | """Directory with plugins code.""" 2 | -------------------------------------------------------------------------------- /src/orc2timeline/py.typed: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | """Package for test project.""" 2 | -------------------------------------------------------------------------------- /tests/conftest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/conftest.py -------------------------------------------------------------------------------- /tests/data/conf_7_archives/ORC_Server_FAKEMACHINE_Browsers.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/data/conf_7_archives/ORC_Server_FAKEMACHINE_Browsers.7z -------------------------------------------------------------------------------- /tests/data/conf_7_archives/ORC_Server_FAKEMACHINE_Detail.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/data/conf_7_archives/ORC_Server_FAKEMACHINE_Detail.7z -------------------------------------------------------------------------------- /tests/data/conf_7_archives/ORC_Server_FAKEMACHINE_General.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/data/conf_7_archives/ORC_Server_FAKEMACHINE_General.7z -------------------------------------------------------------------------------- /tests/data/conf_7_archives/ORC_Server_FAKEMACHINE_Little.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/data/conf_7_archives/ORC_Server_FAKEMACHINE_Little.7z -------------------------------------------------------------------------------- /tests/data/conf_7_archives/ORC_Server_FAKEMACHINE_SAM.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/data/conf_7_archives/ORC_Server_FAKEMACHINE_SAM.7z -------------------------------------------------------------------------------- /tests/data/null_csv/ORC_Server_FAKEMACHINE_Browsers.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/data/null_csv/ORC_Server_FAKEMACHINE_Browsers.7z -------------------------------------------------------------------------------- /tests/data/null_csv/ORC_Server_FAKEMACHINE_Detail.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/data/null_csv/ORC_Server_FAKEMACHINE_Detail.7z -------------------------------------------------------------------------------- /tests/data/null_csv/ORC_Server_FAKEMACHINE_General.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/data/null_csv/ORC_Server_FAKEMACHINE_General.7z -------------------------------------------------------------------------------- /tests/data/null_csv/ORC_Server_FAKEMACHINE_Little.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/data/null_csv/ORC_Server_FAKEMACHINE_Little.7z -------------------------------------------------------------------------------- /tests/data/null_csv/ORC_Server_FAKEMACHINE_SAM.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/data/null_csv/ORC_Server_FAKEMACHINE_SAM.7z -------------------------------------------------------------------------------- /tests/output/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/test_cli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/test_cli.py -------------------------------------------------------------------------------- /tests/test_config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/test_config.py -------------------------------------------------------------------------------- /tests/test_core.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ANSSI-FR/orc2timeline/HEAD/tests/test_core.py --------------------------------------------------------------------------------