Comments on Windows Incident Response: Links

Anonymous (https://www.blogger.com/profile/14881267648919784812), 2010-03-30 10:31:56 -05:00

Great post. I think that your point of timeline visualization is huge. There are some open-source projects out there, but we need to find a framework that can integrate. Visualization allows for "grey matter" based analysis of trends and clustering, and also provides a GREAT way to demonstrate findings to others. I would envision a visualization framework as one that allows multiple sources to be "turned on and off" for clarity as well as customized grouping/aggregation for each source. I have played with some and started to produce some output. Lots of potential. Thanks for mentioning the "other" side of timelining. :)

H. Carvey (https://www.blogger.com/profile/08966595734678290320), 2010-03-30 11:17:48 -05:00

I agree that visualization has its place in timeline analysis, but not so much for <i>analysis of trends and clustering</i>, as malware infections and intrusions tend to be the least frequency of occurrence on a system. By their very nature, they <i>aren't</i> a trend or cluster.

For me, at the moment, visualization tools have their greatest strength after analysis is complete and findings need to be presented to a customer, prosecutor, or jury.
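The two comments above describe three operations on a multi-source timeline: toggling sources on and off with per-source aggregation (the first comment), ranking events by least frequency of occurrence so that the one-off artifacts an intrusion leaves are surfaced rather than buried under "trends" (the second comment), and a presentation view for handing findings to someone else. The following is an added example written for this page, not code from the blog or from either commenter. The pipe-delimited `timestamp|source|descriptor|detail` layout and the ten sample events are constructed for the example; they are not artifacts from any real system or a format the post defines.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample timeline for this example only (not real artifacts).
# One event per line: timestamp|source|descriptor|detail. The "descriptor" is the
# thing we count for frequency analysis (a directory, an event-log channel/ID, a
# registry key); "detail" is the specific item.
SAMPLE_TIMELINE = """\
2010-03-29T08:00:12|FILE|C:\\Windows\\Prefetch|EXPLORER.EXE-ABCD1234.pf modified
2010-03-29T08:00:15|FILE|C:\\Windows\\Prefetch|CMD.EXE-ABCD1234.pf modified
2010-03-29T08:01:02|EVT|Security/4624|Logon type 2 user alice
2010-03-29T08:02:30|EVT|Security/4624|Logon type 2 user alice
2010-03-29T09:14:44|REG|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|value svcupdate added
2010-03-29T09:14:45|FILE|C:\\Users\\alice\\AppData\\Local\\Temp|svcupdate.exe created
2010-03-29T09:30:00|FILE|C:\\Windows\\Prefetch|SVCUPDATE.EXE-ABCD1234.pf modified
2010-03-29T10:00:00|EVT|Security/4624|Logon type 2 user alice
2010-03-29T10:05:00|EVT|Security/4634|Logoff user alice
2010-03-29T10:05:01|EVT|Security/4624|Logon type 2 user alice
"""


@dataclass(frozen=True)
class Event:
    ts: str          # ISO-8601 timestamp; string order == chronological order
    source: str      # FILE, EVT, REG, ... (the "source" a viewer would toggle)
    descriptor: str  # what we count: directory, log channel/ID, registry key
    detail: str


def parse_timeline(text):
    """Parse the pipe-delimited layout above into a chronologically sorted event list."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, source, descriptor, detail = line.split("|", 3)
        events.append(Event(ts, source, descriptor, detail))
    return sorted(events, key=lambda e: e.ts)


def filter_sources(events, enabled):
    """Turn sources on and off: keep only events whose source is in `enabled`."""
    return [e for e in events if e.source in enabled]


def aggregate_by_source(events, bucket_len=13):
    """Per-source event counts per time bucket. The default bucket is the
    'YYYY-MM-DDTHH' prefix, i.e. hourly; this is the 'trend' view."""
    agg = defaultdict(Counter)
    for e in events:
        agg[e.source][e.ts[:bucket_len]] += 1
    return {src: dict(counts) for src, counts in agg.items()}


def least_frequent(events, n=3):
    """Least-frequency-of-occurrence ranking: (count, source, descriptor) tuples,
    rarest first. Ties are broken by source then descriptor so output is stable."""
    counts = Counter((e.source, e.descriptor) for e in events)
    ranked = sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))
    return [(count, src, desc) for (src, desc), count in ranked[:n]]


def render(events, rare_threshold=1):
    """Presentation view: chronological text lines, with descriptors seen at most
    `rare_threshold` times flagged by a leading '*'."""
    counts = Counter((e.source, e.descriptor) for e in events)
    lines = []
    for e in events:
        flag = "*" if counts[(e.source, e.descriptor)] <= rare_threshold else " "
        lines.append(f"{flag} {e.ts} {e.source:<4} {e.descriptor} :: {e.detail}")
    return lines


if __name__ == "__main__":
    evs = parse_timeline(SAMPLE_TIMELINE)
    print("hourly counts per source:", aggregate_by_source(evs))
    print("rarest descriptors:", least_frequent(evs))
    print("\n".join(render(filter_sources(evs, {"FILE", "REG", "EVT"}))))
```

Run as a script, the hourly aggregation shows the busiest source (the logon events) as the dominant "trend", while the least-frequency ranking puts the single Run-key write and the single Temp-directory file creation at the top; those two, plus the prefetch entry that follows them, are what an analyst would actually chase. Passing a smaller set to `filter_sources` is the "turn sources off" operation the first comment asks for, and `render` is the hand-off view the second comment describes.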