TIMELINE BASED DIGITAL FORENSICS ANALYSIS
Nowadays, digital forensics analysis is not simply to recover a bunch of Artifacts or deleted files anymore, instead analysts should answer questions like what happened, when, why, how and if possible also who did it. Adversaries leave footprints everywhere on systems, either be a regular user or hacker, they will interact with systems and somehow leave traces. Analysts evaluate systems for user activity around the time of incidents. Timeline based digital forensics will help analysts to find multiple artifacts pointing to the same evidence (Opening a file on Windows machine, for example, may leave traces in 4-6 locations) which will substantiate the same fact and increase overall weight of evidence.