Live system timeline builder retrieves a lot of data from a running Windows machine and combines all data to a super timeline. At the moment it only uses NirSoft tools to achieve the task. The overall timeline can be exported into an Excel file to be filtered etc.
Live system timeline builder is similar to Nirsoft Mega Report, a batch file that basically collects the same information but stores it in HTML format and does not combine the information. However, Timeline Builder only runs tools which contribute to the timeline, i.e. have some kind of time-stamp information inside.
The tool comes in two flavors: developer mode and forensic mode.
- The developer mode might be useful for developers when trying to find out why an application does not work any more. It focuses on changes to the system, application crashes, driver installations and blue screens.
- The forensic mode is more useful for administrators or people interested in forensic research. Note that it cannot perform a true forensic analysis, for which you would use a read-only copy of the hard disk. Forensic mode focuses on user activity such as browser history, chat logs and document changes.
Download Live System Timeline Builder 0.8.2.0 Setup (2.2 MB)
Live System Timeline Builder needs .NET 4.0 and therefore Windows XP Service Pack 3.
The following tools are not included yet:
Some of the Nirsoft Tools do not export the data into valid XML. The program will try to correct some of those issues but cannot correct all of them. When the Nirsoft Tools are updated regarding this issue, you can either replace them in the installation directory or download a new version of Timeline Builder when available from this website. When an error was found, the tool in question is highlighted in red. A tooltip shows what the problem was. Candidates for issues are MozillaCookiesView and SkypeLogView.
Since the tool mainly consists of Nirsoft tools, the Nirsoft license policy applies. This means that you can also use the tool commercially. From http://nirsoft.net/about_nirsoft_freeware.html (rev. 2014-10-22)
My utilities are completely freeware, without any catch.
And an example from one of the tool specific pages (http://www.nirsoft.net/utils/userassist_view.html (rev. 2014-10-22)) but similar for all tools:
This utility is released as freeware. You are allowed to freely distribute this utility via floppy disk, CD-ROM, Internet, or in any other way, as long as you don’t charge anything for this. If you distribute this utility, you must include all files in the distribution package, without any modification !