Credits
IRFlow Timeline is built on the shoulders of incredible open-source projects and the DFIR community.
Open Source Projects
| Project | Usage | Link |
|---|---|---|
| Electron | Application framework | electron/electron |
| better-sqlite3 | High-performance SQLite engine with WAL mode, FTS5 | WiseLibs/better-sqlite3 |
| @ts-evtx/core | Native Windows EVTX event log parsing | NickSmet/ts-evtx |
| Plaso (log2timeline) | Forensic timeline generation (we import Plaso SQLite output) | log2timeline/plaso |
| ExcelJS | XLSX streaming reader | exceljs/exceljs |
| SheetJS (xlsx) | XLSX parsing | SheetJS/sheetjs |
| csv-parser | CSV/TSV streaming parser | mafintosh/csv-parser |
| React | UI rendering | facebook/react |
| Vite | Build tooling and hot-reload | vitejs/vite |
| VitePress | Documentation site | vuejs/vitepress |
| electron-builder | macOS DMG packaging | electron-userland/electron-builder |
Inspiration
- Timeline Explorer by Eric Zimmerman — the original Windows DFIR timeline viewer that inspired this project
- KAPE by Eric Zimmerman — artifact collection and parsing framework
- Plaso / log2timeline — forensic timeline generation framework
- Hayabusa — Windows event log analysis tool
- Chainsaw — Windows event log detection tool
DFIR Community
- Eric Zimmerman — Timeline Explorer for Windows, the original inspiration for this project
- log2timeline/Plaso — Super timeline generation framework by Kristinn Gudjonsson and contributors
- SANS DFIR — DFIR training and community resources
- The DFIR Report — Real-world intrusion analysis reports that informed threat detection patterns
Beta Testers
Thanks to the following people for testing and providing feedback:
License
IRFlow Timeline is released under the Apache License 2.0.
