Timesketch: Collaborative forensic timeline analysis

130•apachepig•4mo ago

Comments

xandrius•4mo ago

Interesting that it's code owned by Google but a product. Is it because it was developed by someone during work (and hence owned by Google) but nobody from Google endorses it?

bjackman•4mo ago

This is just how it looks when you publish an open source project at Google.

Google controls the repo hence it's under the Google GitHub org. But then you just slap the "not a Google product" thing at the end to clarify that it's "just" some engineers publishing code rather than the release of the code of a Google product (nor a major strategic open source initiative like Go).

jsnell•4mo ago

Their process is documented at https://opensource.google/documentation/reference/releasing

So it could even be a pure hobby project - not something done for work - where the initial author (over a decade ago) chose to release it under Google's copyright rather than use the exception process.

tfsh•4mo ago

Any Googler can write code and open source it on the Google GitHub (within reason, the process is quite straightforward). So no, Google as an entity does not official endorse it, all it means is at least one employee is working on that particular effort.

j-krieger•4mo ago

I heard a lecture from one of its users/developers a year ago in Munich. IIRC it’s a tool that came out of their incident response teams, but don‘t quote me on this

ChrisArchitect•4mo ago

Website: https://timesketch.org/

sneak•4mo ago

Python 3 backend, Vue js front end, docker, Apache 2 licensed.

jcul•4mo ago

Only had a glance on my phone but maybe this would also be useful for incident postmortem timelines.

egorfine•4mo ago

Do I get it right that translated from marketingspeak it means "log viewer with backend"?

whizzter•4mo ago

I'm more understanding it as a tool so that multiple people collaborating on investigating a hack/data-breach/etc can audit/tag events in the interesting logs (ssh logins, weird executables starting,network probes, etc) from various sources and get a _combined timeline_ to easier determine adversary movement, cause-and-effect and so on to easier find what needs patching,etc.

olejorgenb•4mo ago

There's no timeline view in this timeline analysis tool?

macmac•4mo ago

Thanks, I thought I was the only one baffled by this.

nerpderp82•4mo ago

Cruel joke!

Show HN: LocalGPT – A local-first AI assistant in Rust with persistent memory

SectorC: A C Compiler in 512 bytes (2023)

Haskell for all: Beyond agentic coding

Speed up responses with fast mode

Software factories and the agentic moment

Brookhaven Lab's RHIC concludes 25-year run with final collisions

IBM Beam Spring: The Ultimate Retro Keyboard

Hoot: Scheme on WebAssembly

Stories from 25 Years of Software Development

LLMs as the new high level language

First Proof

Vocal Guide – belt sing without killing yourself

Show HN: I saw this cool navigation reveal, so I made a simple HTML+CSS version

FDA intends to take action against non-FDA-approved GLP-1 drugs

Al Lowe on model trains, funny deaths and working with Disney

Show HN: A luma dependent chroma compression algorithm (image compression)

Start all of your commands with a comma (2009)

Show HN: Axiomeer – An open marketplace for AI agents

Vouch

The AI boom is causing shortages everywhere else

Microsoft account bugs locked me out of Notepad – Are thin clients ruining PCs?

The silent death of good code

Selection rather than prediction

I write games in C (yes, C) (2016)

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

Learning from context is harder than we thought

Reinforcement Learning from Human Feedback

Where did all the starships go?

Unseen Footage of Atari Battlezone Arcade Cabinet Production

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox