The latest publication of Hakin9 has an article featuring Gleeda’s Timeliner. Shoutz to Gleeda and shoutz to Nick Baronian for writing the article.
"Creating a timeline of events for a forensics case can be one of the most vital pieces of an investigation. There are many different artifacts a forensic investigator can analyze when attempting to create a timeline of events. Some of the most common Windows artifacts include filesystem MFT entries, Registry writes and reads, logs, browser history, prefetch files, restore points, RecycleBin, Metadata and so on, but one of the areas usually not included in a timeline is memory. Parsing through memory to include memory artifacts can be a fairly time-consuming process, but thanks to Jamie Levy (Gleeda) we now have another exceptional Volatility plugin, Timeliner. Currently, the Timeliner plugin has the capability to produce a timeline body file that contains timestamp values for the following: Registry Keys last write time, UserAssist last run times, Process timestamps, Thread timestamps, Network timestamps, Event Log timestamps and PE creation timestamps. The ability to include these artifacts in your final timeline of events can help give you a better picture of what transpired during the time your investigation centers around."