https://github.com/nannib/nbtempow

NBTempoW V. 2.1 is a forensic tool for making timelines from block devices image files (raw, ewf,physicaldrive, etc.). It uses TSK (The Sleuthkit) and it has been developed with Lazarus V. 1.6.2 ( Delphi compatible cross-platform IDE for Rapid Application Development). It runs only in Windows. If the device image file is splitted, you can select just the first chunk.
https://github.com/nannib/nbtempow

forensic-analysis forensics lazarus sleuthkit the timeline tsk windows

Last synced: about 1 year ago
JSON representation

Host: GitHub
URL: https://github.com/nannib/nbtempow
Owner: nannib
License: lgpl-3.0
Created: 2017-03-02T10:59:10.000Z (about 9 years ago)
Default Branch: master
Last Pushed: 2017-03-29T11:09:10.000Z (about 9 years ago)
Last Synced: 2025-03-31T03:32:23.629Z (about 1 year ago)
Topics: forensic-analysis, forensics, lazarus, sleuthkit, the, timeline, tsk, windows
Language: Pascal
Homepage:
Size: 16.4 MB
Stars: 8
Watchers: 5
Forks: 5
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-forensics - **6**星

README

# NBTEMPOW V. 2.1
NBTempoW is a forensic tool for making timelines from block devices image files (raw, ewf or \\.\physicaldriveX). It uses TSK (The Sleuthkit https://www.sleuthkit.org/) and it has been developed with Lazarus V. 1.6.2 (Delphi compatible cross-platform IDE for Rapid Application Development). It runs only in Windows.
If the device image file is splitted, you can select just the first chunk.

For listing physicaldrives in Windows, open CMD and write:

wmic diskdrive list brief /format:list

then you can use the physical drive ad input for NBTempoW:
\\.\physicaldrive0

Author: Nanni Bassetti - http://www.nannibassetti.com

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/nannib/nbtempow

Awesome Lists containing this project

README