Automated TimeLine Generation with Plaso - OMENScan/AChoir GitHub Wiki

AChoir is designed not only to collect Telemetry and Artifacts, but also to automate their Post-Processing.

The Plaso.ACQ script located in the \Scripts directory does the following:

  1. Check if Plaso has already been downloaded. If not, Download and Extract it.
  2. Run log2timeline against the collected Artifacts to build a BodyFile Timeline
  3. Run Psort to convert the BodyFile timeline to a CSV Version of the same Timeline
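
The same three steps as a standalone PowerShell sketch. This is an added example, not the contents of Plaso.ACQ or any AChoir code. The parameter names, directory layout, output file names and the download URL (a placeholder you must supply) are assumptions, and the optional hash check is an addition that the step list above does not mention.

```powershell
# Added example, not AChoir's Plaso.ACQ. Paths, parameter names and the URL are assumptions.
param(
    [Parameter(Mandatory)] [string] $ArtifactDir,   # folder holding the collected artifacts
    [Parameter(Mandatory)] [string] $PlasoZipUrl,   # placeholder: URL of a Plaso Windows ZIP
    [string] $ExpectedSha256,                       # optional: known-good SHA-256 of that ZIP
    [string] $PlasoDir = (Join-Path $PSScriptRoot 'Plaso'),
    [string] $OutDir   = (Join-Path $PSScriptRoot 'Timeline')
)
$ErrorActionPreference = 'Stop'

function Find-Log2Timeline {
    # Locate log2timeline.exe wherever the ZIP unpacked it.
    Get-ChildItem -Path $PlasoDir -Filter 'log2timeline.exe' -Recurse -ErrorAction SilentlyContinue |
        Select-Object -First 1
}

# Step 1: download and extract Plaso only if it is not already present.
$l2t = Find-Log2Timeline
if (-not $l2t) {
    $zip = Join-Path $env:TEMP 'plaso.zip'
    Invoke-WebRequest -Uri $PlasoZipUrl -OutFile $zip -UseBasicParsing
    if ($ExpectedSha256) {
        # Refuse to unpack a tool that will parse evidence if the archive is not the expected one.
        $actual = (Get-FileHash -Path $zip -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256) { throw "Plaso ZIP hash mismatch: $actual" }
    }
    Expand-Archive -Path $zip -DestinationPath $PlasoDir -Force
    $l2t = Find-Log2Timeline
    if (-not $l2t) { throw "log2timeline.exe not found under $PlasoDir after extraction" }
}
$psort = Join-Path $l2t.DirectoryName 'psort.exe'

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$storage = Join-Path $OutDir 'timeline.plaso'   # intermediate timeline file
$csv     = Join-Path $OutDir 'timeline.csv'

# Step 2: run log2timeline against the collected artifacts.
# Older releases take the storage file as the first positional argument;
# newer Plaso releases expect it via --storage-file instead.
& $l2t.FullName $storage $ArtifactDir
if ($LASTEXITCODE -ne 0) { throw "log2timeline failed with exit code $LASTEXITCODE" }

# Step 3: run psort to write the same timeline as CSV (l2tcsv output format).
& $psort -o l2tcsv -w $csv $storage
if ($LASTEXITCODE -ne 0) { throw "psort failed with exit code $LASTEXITCODE" }
Write-Output "Timeline written to $csv"
```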