Create investigation timelines with the collected evidence to gain insight into the context of an incident.

The following table outlines the actions available in the Timeline screen.
| Action | Description |
| --- | --- |
| Filter timeline elements | Use the dropdown lists (Timestamp, Timestamp type, Evidence type, Endpoint) and specify the operating system to locate specific timeline entries. |
| Add a custom element to the timeline | Click the Add Element icon and follow the instructions on screen to add a custom element to the timeline. |
| Delete elements from the timeline | Select one or more elements from the timeline and then click Delete Selected. |
| Reset timeline | Click the options icon and select Delete All to delete all elements from a timeline. |
| Add timeline to sub case | Click the options icon and select Add Timeline to Case to add the current timeline to the specified Forensics sub-case. |