Nowadays, digital forensics analysis is not simply to recover a bunch of Artifacts or deleted files anymore, instead analysts should answer questions like what happened, when, why, how and if possible also who did it. Adversaries leave footprints everywhere on systems, either be a regular user or hacker, they will interact with systems and somehow leave traces. Analysts evaluate systems for user activity around the time of incidents. Timeline based digital forensics will help analysts to find multiple artifacts pointing to the same evidence (Opening a file on Windows machine, for example, may leave traces in 4-6 locations) which will substantiate the same fact and increase overall weight of evidence.


Even on an idle Windows machine, hundreds of events happen every minute. The huge amount of data generated by timeline analysis may easily overwhelm digital forensics analysts. Digital forensics tools should provide abilities to make investigators job of finding interesting evidence among millions of records easier. To solve this, Forensafe provides multiple chart support, effective filtering and searching.

Supports 450+ Artifacts and counting

Supports wide-range of Artifact types

Search faster

Quick search and value highlighting with flexible data filtering feature

One Timeline for all Evidence

Ability to add multiple evidence to a single case

Organized Timeline

Coloring ability based on Artifact type and ability to add Bookmarks and Notes

Advanced Grid Control

Fast sorting and grouping evidence

Evidence Extraction

One-click evidence extraction ability

Data Illustration

Charts for different data sets, from Pie to 3D Line

More normalized columns than current timeline tools