The Beautiful Mind of a Timeline

Kristinn Gudjonsson
Google Inc

Johan Berggren
Google Inc


How does one find the needle in the sea of haystacks that is our data? In this presentation we’ll talk about how one can utilize Timesketch as a data exploration platform and as a way to experiment with data science techniques, both to surface anomalies and to reduce noise. We’ll explore the benefits of thinking like a data scientist and will demonstrate this with examples of statistical analyzers in Timesketch.

About Kristinn Gudjonsson

Kristinn is a member of the Detection & Response team at Google, where he has been for over 7 years. Kristinn joined Google in 2011 as part of the incident response team, investigating and responding to security incidents. He was known for tinkering with code, focusing on tools like plaso. Kristinn then moved over to management, where he oversaw the digital forensics and incident management teams in Sunnyvale. Kristinn is now back in an individual contributor role, working on projects like Timesketch, l2tscaffolder and others. In a previous life Kristinn worked as an incident response and forensics consultant in Iceland. Kristinn holds an M.Sc. from the Institut National des Telecommunications (INT, now Telecom & Management) in Paris and a B.Sc. in computer and electronic engineering from the University of Iceland.

About Johan Berggren

Johan Berggren is a security engineer at Google and has more than 15 years of experience in information security, incident response and digital forensics. Between responding to incidents, he develops Timesketch, the open source forensic timeline analysis tool.