Skill Detail

Build super timelines from mixed forensic artifacts with Plaso

Ingest disk, log, and system artifacts into a sortable forensic timeline before analysis, scoping, or case review.

Runbooks & DiagnosticsMulti-Framework

Runbooks & Diagnostics Multi-Framework Published

⭐ 2.1k GitHub stars

INSTALL WITH ANY AGENT

npx skills add agentskillexchange/skills --skill build-super-timelines-from-mixed-forensic-artifacts-with-plaso Copy

Works best when you want a reusable capability, not another fragile one-off prompt.

View source Documentation

At a glance

Tools required

Plaso tooling such as log2timeline and psort, Python environment, artifact set or disk image to parse

Install & setup

Install Plaso from the upstream project or supported packages, feed it the target artifact source or image, then generate and review the resulting timeline with the standard Plaso tools.

Author

log2timeline

Publisher

Organization

Last updated

Apr 19, 2026

Quick brief

Use Plaso when an agent needs to collect many timestamped forensic artifacts and normalize them into a single timeline for investigation. A user should invoke this instead of using the project normally when the task is specifically to build a super timeline from evidence sources before deeper analysis, not to browse a generic DFIR framework. The scope boundary is clear and skill-shaped: multi-artifact timeline construction for forensic review, not a plain product card.

Best fit

When to reach for it

Best when the job fits Runbooks & Diagnostics.
Works naturally with Multi-Framework setups.
Requires Plaso tooling such as log2timeline and psort, Python environment, artifact….
Installation is straightforward: Install Plaso from the upstream project or supported packages, feed it the target artifact source or…

Trust & provenance

Why this listing is credible

Trust status: Published.
2.1k GitHub stars on the linked upstream source.
Last updated Apr 19, 2026.

View source ↗ Documentation ↗