
recorded events

Andrew Marrington

Recorded events are sourced from logs which have been identified in the case.

The tool log2timeline (http://www.log2timeline.net) is capable of recursively searching through a mounted image file, identifying various log formats it supports, and parsing their contents into a CSV format.

A nice project might be to add an output format to log2timeline that writes directly to the normalised format used by CAT Detect.

In the meantime, the output of log2timeline can be manually converted into the necessary format and loaded into a database using CAT Detect's built-in tool.
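
One way to script the manual conversion described above, as an added example that is not part of log2timeline or CAT Detect: it parses the columns of log2timeline's l2t_csv output and emits UTC-normalised records, rejecting rows it cannot place on the timeline safely. The output field names are assumptions, since CAT Detect's normalised format is not given on this page, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timezone

# Column order of log2timeline's l2t_csv output.
L2T_FIELDS = ["date", "time", "timezone", "MACB", "source", "sourcetype", "type",
              "user", "host", "short", "desc", "version", "filename", "inode",
              "notes", "format", "extra"]

def normalise(l2t_text):
    """Return (events, rejected); rejected holds (row_number, reason) tuples."""
    events, rejected = [], []
    for row_no, row in enumerate(csv.reader(io.StringIO(l2t_text)), start=1):
        if not row or row == L2T_FIELDS:
            continue  # blank line or header
        if len(row) != len(L2T_FIELDS):
            rejected.append((row_no, "expected 17 fields, got %d" % len(row)))
            continue
        rec = dict(zip(L2T_FIELDS, row))
        if rec["timezone"].upper() != "UTC":
            # Do not guess offsets: a wrong zone silently reorders the timeline.
            rejected.append((row_no, "timezone %r is not UTC" % rec["timezone"]))
            continue
        try:
            ts = datetime.strptime(rec["date"] + " " + rec["time"], "%m/%d/%Y %H:%M:%S")
        except ValueError:
            rejected.append((row_no, "unparseable date/time"))
            continue
        events.append({  # hypothetical target columns (assumption, see lead-in)
            "timestamp_utc": ts.replace(tzinfo=timezone.utc).isoformat(),
            "source": rec["sourcetype"],
            "event_type": rec["type"],
            "user": "" if rec["user"] == "-" else rec["user"],
            "host": "" if rec["host"] == "-" else rec["host"],
            "description": rec["desc"],
            "origin": rec["filename"],  # log file the event was parsed from
        })
    events.sort(key=lambda e: e["timestamp_utc"])
    return events, rejected

# Constructed sample input (not from a real case).
SAMPLE = """\
date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,version,filename,inode,notes,format,extra
03/02/2011,09:15:42,UTC,MACB,EVT,Security,Event Logged,jdoe,WS01,Logon,"Successful logon, type 2",2,/WINDOWS/system32/config/SecEvent.Evt,4711,-,evt,-
03/02/2011,09:14:07,UTC,M...,FILE,NTFS $MFT,Modified,-,WS01,ntuser.dat,/Documents and Settings/jdoe/ntuser.dat,2,/Documents and Settings/jdoe/ntuser.dat,9120,-,mft,-
03/02/2011,04:20:00,EST5EDT,MACB,WEBHIST,Firefox,visited,jdoe,WS01,URL,http://example.com/,2,/places.sqlite,5000,-,firefox3,-
03/02/2011,09:16:00,UTC,MACB,LOG
"""
```

Rows that come back in `rejected` should be re-exported from log2timeline in UTC or fixed by hand before loading, rather than dropped from the case.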

