Forensic Timeliner features

Document created by drossler Employee on May 11, 2017Last modified by jyamada on Jan 23, 2019
Version 3Show Document
  • View in full screen mode

Forensic Timeliner (timeliner.exe, or Timeliner) is a standalone feature that ships with Malwarebytes Breach Remediation. It is used to collect and export system timelines on Windows systems for forensic analysis. The output is CSV or CEF event logging. It is written in C++ using the Windows API, and is packaged as a single portable Windows executable (EXE).
Timeliner runs on Windows XP through Windows 10, 32 and 64-bit, and has no dependencies other than standard Windows DLLs. The Malwarebytes Forensic Timeliner does not run on macOS.