CAT Detect is a tool for detecting inconsistency (in the form of [missing] and [out-of-sequence] events) in computer activity timelines. These timelines are sequences of [events] ordered by [timestamp]. Events are sourced from log files (these are called [recorded events]) and from other timestamps on the file system (these are called [inferred events]).
Download the latest release - 2 August 2011 DFRWS release
CAT Detect needs developers! Some nice projects for students or enthusiasts are listed on the [CAT Detect Sub-Projects].
The techniques employed by CAT Detect are discussed in detail in:
A. Marrington, I. Baggili, G. Mohay and A. Clark (2011) CAT Detect (Computer Activity Timeline Detection): A tool for detecting inconsistency in computer activity timelines. In: Digital Investigation: Eleventh Annual DFRWS Conference (DFRWS 2011), vol. 8S; 2011, p. S52-S61
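To make the two kinds of inconsistency concrete, here is a simplified illustration added to this page; it is not CAT Detect's code and not the algorithm from the paper. The event tuples, the rule that a user's file activity must fall inside one of that user's login sessions, and all sample data are assumptions constructed for the example.

```python
from datetime import datetime

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# Constructed recorded events, in the order they appear in a log file.
RECORDED = [
    ("login",  "alice", ts("2011-08-01 09:00:00")),
    ("logout", "alice", ts("2011-08-01 12:00:00")),
    ("login",  "bob",   ts("2011-08-01 13:00:00")),
    ("logout", "bob",   ts("2011-08-01 12:30:00")),  # earlier than the entry before it
]
# Constructed inferred events: file system timestamps attributed to the file owner.
INFERRED = [
    ("modified", "alice", "/home/alice/report.doc", ts("2011-08-01 10:15:00")),
    ("modified", "alice", "/home/alice/notes.txt",  ts("2011-08-01 20:40:00")),
]

def out_of_sequence(recorded):
    """Log entries whose timestamp is earlier than one written before them."""
    flagged, latest = [], None
    for ev in recorded:
        if latest is not None and ev[2] < latest:
            flagged.append(ev)
        else:
            latest = ev[2]
    return flagged

def sessions(recorded, skip=()):
    """Pair each login with the user's next logout: {user: [(start, end), ...]}."""
    open_at, result = {}, {}
    for ev in recorded:
        kind, user, when = ev
        if ev in skip:
            continue  # do not build sessions from entries already known to be suspect
        if kind == "login":
            open_at[user] = when
        elif kind == "logout" and user in open_at:
            result.setdefault(user, []).append((open_at.pop(user), when))
    for user, start in open_at.items():  # login with no usable logout: still open
        result.setdefault(user, []).append((start, datetime.max))
    return result

def unexplained(inferred, recorded):
    """Inferred events outside every session of their user: a recorded event is missing."""
    sess = sessions(recorded, skip=out_of_sequence(recorded))
    return [ev for ev in inferred
            if not any(s <= ev[3] <= e for s, e in sess.get(ev[1], []))]

if __name__ == "__main__":
    print("out of sequence:", out_of_sequence(RECORDED))
    print("no covering session:", unexplained(INFERRED, RECORDED))
```

The 20:40 modification has no covering session, which points to a missing login record for that user, and the 12:30 logout is flagged because it was written after a 13:00 entry.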