Welcome back to the second installment of our DFIR blog! If you didn’t read Introduction to Digital Forensics and Incident Response check it out.
Let’s get started on our next chapter, Timeline Analysis and Time Stamped Forensics.
A Chapter from Your Favorite Crime Novel
In one of his blog posts, Corey Harrell described timeline analysis as a "great technique to determine the activity that occurred on a system at a certain point in time". When referring to DFIR, we would take it one step further: timeline analysis is necessary for effective incident response.