From b4dd033ef8e22b46598cc0a339e8dbd06b526483 Mon Sep 17 00:00:00 2001
From: Meir Wahnon <meir@demisto.com>
Date: Sat, 14 Nov 2015 19:43:28 +0200
Subject: [PATCH] add timeline

---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index 658ceab..bb8e518 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,7 @@ A curated list of tools for incident response
 - [Memory Analysis Tools](#memory-analysis-tools)
 - [Memory Imaging Tools](#memory-imaging-tools)
 - [Process Dump Tools](#process-dump-tools)
+- [Timeline tools](#timeline-tools)
 - [All in one tools](#all-in-one-tools)
 - [Videos](#videos)
 
@@ -33,6 +34,10 @@ A curated list of tools for incident response
 * [PMDump](http://ntsecurity.nu/toolbox/pmdump/) - PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process
 * [Microsoft User Mode Process Dumper](http://www.microsoft.com/en-us/download/details.aspx?id=4060) - The User Mode Process Dumper (userdump) dumps any running Win32 processes memory image on the fly
 
+### Timeline tools
+* [Plaso](https://github.com/log2timeline/plaso) -  a Python-based backend engine for the tool log2timeline
+* [Timesketch](https://github.com/google/timesketch) -open source tool for collaborative forensic timeline analysis
+
 ### All in one Tools
 * [X-Ways Forensics](http://www.x-ways.net/forensics/) - X-Ways is a forensics tool for Disk cloning and imaging. It can be used to find deleted files and disk analysis
 * [The Sleuth Kit & Autopsy](http://www.sleuthkit.org) - The Sleuth Kit is a Unix and Windows based tool which helps in forensic analysis of computers. It comes with various tools which helps in digital forensics. These tools help in analyzing disk images, performing in-depth analysis of file systems, and various other things