Users Guide‎ > ‎

4n6time

4n6time, formerly "l2t_Review", is a free, cross-platform forensic tool for timeline creation and review. Since 4n6time is powered by the amazing plaso engine, formally log2timeline, users can now create, with a mouse, a raw timeline storage file from a disk image. Once a timeline has been created, it can be outputted to a 4n6time database (sqlite). Using 4n6time, you can then start review with the ability to filter, highlight, sort, tag, bookmark, and search on common data fields. Also included are basic reporting features as well as the ability to export subsets of data back into the CSV and timeline storage files. Please note this documentation is a work in progress. Check back for updates or email with questions.

Get started - Download Instructions.

Here are some highlights of 4n6time:

  • Timeline creation wizard
  • Robust filtering
  • Event tagging, bookmarking, and (auto)highlighting like eDiscovery tools
  • Interactive graphical representation of events
  • File viewing, hashing, and exporting via data source (i.e. linking timeline to disk image or mount point)
  • Basic reporting and charting
  • Appending timelines from multiple data sources (cross-host timeline analysis)
  • Ability to save work product back into timeline storage files
  • Supports legacy timelines (CSV) created  from log2timeline
    Check it out: