Timeline

Timelining has been one of the most critical parts of Digital Forensic investigations while also being the most time-consuming part.

The traditional way of creating timelines is collecting evidence, parsing them, and combining the results using CSV files.

AIR comes to the rescue for solving this problem. With only a few clicks, you can easily create timelines for multiple assets in parallel and see the results on a collaborative, web-based user interface in which you can tag/flag each piece of evidence.

Timelines can be created from a single asset and can be easily enriched using additional evidence such as:

• Additional Assets

• CSV Files

• Milestones

• Off-Network Acquisitions

All the flagged/tagged evidence is listed in the "Flagged" section that makes it easy to create reports before finalizing an investigation.

Existing Timelines and new ones can be created by selecting "More" from the Main Menu and then "Timelines".

To create a new Timeline select the "+Add New" button at the top of the page:

The New "Timeline" then gives you the option to 'Create with selected assets' or 'Create an empty timeline and add evidence later'

You can now search for and select the assets desired for the Timeline:

Having selected the assets to include in the Timeline you now have to define the task by:

1. Giving the Timeline a name.

2. Allocating it to a Case.

3. Selecting a Timezone

4. Providing a description (Optional)

AIR now presents you with three options for adding data to your new Timeline:

1. Add an asset

2. Add an off-network asset

3. Import a CSV file