Skip to content

Releases: kacos2000/WindowsTimeline

WindowsTimeline parser (x64)

13 Aug 18:07
@kacos2000 kacos2000
v.2.0.77.0
0cd108d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
WindowsTimeline parser (x64)
  • Added Hex Offset in the Clipboard text carver
  • Added column with Clipboard Type info (in anticipation of upcoming Clipboard change)
  • Updated estimation of Win10 version identification (based on the dB)
  • Changed 1703/1709 queries to show more data
    (Win10 v1709 and earlier have the following line in the Smartlookup View query preventing display of deleted entries:)
    LEFT OUTER JOIN Activity ON ActivityOperation.Id = Activity.Id WHERE [O].[OperationType] <> 3
Assets 3
Loading

WindowsTimeline parser (x64)

10 Aug 15:06
@kacos2000 kacos2000
v.2.0.75.0
002e773
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
WindowsTimeline parser (x64)
  • Changed the queries so that all timestamps are (as they should be) in UTC
  • Updated IANA/OLSON TimeZone support (does not account for Daylight savings)
  • Included 'Clipboard Text Carver' option

NOTE: In previous 'WindowsTimeline parser' versions timestamps are in examiner's Local Time

Assets 3
Loading

WindowsTimeline Clipboard Text Carver (Win10 x64)

08 Aug 18:49
@kacos2000 kacos2000
v1.0.4.0
d0988c6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
WindowsTimeline Clipboard Text Carver (Win10 x64)

Update :
- Added tooltips
- Changed Base64 conversion from ASCII to UTF8.

Assets 3
Loading

WindowsTimeline parser (x64)

04 Aug 21:09
@kacos2000 kacos2000
v.2.0.74.0
d0988c6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
WindowsTimeline parser (x64)
  • Minor GUI scaling & file output fixes
Assets 3
Loading

WindowsTimeline Clipboard Text Carver (Win10 x64)

05 Aug 19:33
@kacos2000 kacos2000
v.1.0.2.0
5b271a8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
WindowsTimeline Clipboard Text Carver (Win10 x64) 
- Retrieves (carves) current & deleted Clipboard text entries from an ActivitiesCache db or db-wal file.
- Displays offset of entry in the file & decoded text
- Allows Copy of a selection or all of the results
- Allows export to "|" separated CSV

          Example:
           - WindowsTimeline.exe: 15 clipboard text entries (SQLite query)
           - ClipboardTextEntries.exe: 224 from the db & 19 from the db-wal
Assets 3
Loading

WindowsTimeline parser (x64)

01 Aug 21:04
@kacos2000 kacos2000
v.2.0.72.0
60878ec
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
WindowsTimeline parser (x64)

  • Quite a few updates/improvements, plus:

    • Show estimation of originating Win10 version in the status bar while processing
    • Added GMT representation of the Timezone (based on Olson/IANA lists) (does not account for Daylight savings)
    • Added option to view Clipboard history (if available) in a separate window
    • Added option to export Clipboard history (if available) separately in a CSV
Assets 3
Loading

WindowsTimeline parser (x64)

31 Jul 18:08
@kacos2000 kacos2000
v.2.0.70.0
0740569
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
WindowsTimeline parser (x64)
  • Added support for all ActivitiesCache.dbs (from 1709-2004+)
    done limited testing on 1709 dbs due to the scarcity of them
  • Added some column info tooltips
  • Many small improvements
Assets 3
Loading

WindowsTimeline parser (x64)

22 Jul 10:41
@kacos2000 kacos2000
v.2.0.67.0
f5457d7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
WindowsTimeline parser (x64)
  • Minor fix
Assets 3
Loading

WindowsTimeline parser (x64)

02 Jul 12:07
@kacos2000 kacos2000
v.2.0.64.0
187a708
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
WindowsTimeline parser (x64)
  • Added support for 'ActivityEngagementFlags' in ActivityType 6 entries (Win10 v.2004+)
  • Fixed error not displaying ParentActivityId
Assets 3
Loading

WindowsTimeline parser (x64)

01 Jul 23:11
@kacos2000 kacos2000
v.2.0.63.0
eb688e9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
WindowsTimeline parser (x64)

Added support for Device Type 16 (Windows 10 Tablet PC)
Added option to view All the Devices in the selected NTUser.dat in a popup
Added some coloring to ease viewing large dB sets

Note:
If you need/want to manually download "System.Data.SQLite"
the location of the downloads is https://system.data.sqlite.org/index.html/doc/trunk/www/downloads.wiki

WindowsTimeline.exe looks for this file:
"C:\Program Files\System.Data.SQLite\2010\bin\System.Data.SQLite.dll"

Assets 3
Loading