Timesketch has support for Docker. This is a convenient way of getting up and running.
Follow the official instructions here
```shell
git clone https://github.com/google/timesketch.git
cd timesketch
cd docker
sudo docker-compose up
```
- Retrieve the randomly generated password from startup logs:
TIMESKETCH_PASSWORD set randomly to: xxx
- Go to: http://127.0.0.1/
- Log in with the username admin and the retrieved random password
- You can now create your first sketch by pressing the green button on the middle of the page
- Add the test timeline under the Timeline tab in your new sketch
- Go to http://127.0.0.1:5000/explore/ and have fun exploring!
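The startup steps above require reading the generated admin password out of the compose logs by hand. The following shell snippet is an added example, not part of the Timesketch project, that extracts it from captured log output; the sample log lines are constructed for the example, and the service name `timesketch` used in the commented real-world invocation is an assumption.

```shell
#!/bin/sh
# Added example (not Timesketch project code): pull the generated admin password
# out of docker-compose startup output instead of scanning the logs by eye.

# Constructed sample of startup output. The only line format taken from the
# page is "TIMESKETCH_PASSWORD set randomly to: xxx"; the rest is made up.
SAMPLE_LOGS='timesketch_1  | Starting Timesketch...
timesketch_1  | TIMESKETCH_PASSWORD set randomly to: s3cretExample
timesketch_1  | Listening on 0.0.0.0:5000'

# extract_password: read log text on stdin and print the password.
# Returns 1 when no such line exists, so a caller never silently gets an
# empty string and tries to log in with it.
extract_password() {
  pw=$(sed -n 's/.*TIMESKETCH_PASSWORD set randomly to: \([^[:space:]]*\).*/\1/p' | head -n 1)
  [ -n "$pw" ] || return 1
  printf '%s\n' "$pw"
}

# Real use (assumptions: docker-compose is available and the compose service
# is named "timesketch"), run from the docker/ directory:
#   sudo docker-compose up -d && sudo docker-compose logs timesketch | extract_password
# Demonstration against the constructed sample:
printf '%s\n' "$SAMPLE_LOGS" | extract_password
```

The password is printed once and never written to a file or passed on a command line, so it does not end up in shell history or process listings; change it after the first login, since anyone who can read the container logs can read it too.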
The Timesketch Docker configuration writes all data to the host filesystem rather than inside the containers. This is done with Docker volumes that map to the following host locations:
- elasticsearch: /var/lib/elasticsearch
- neo4j: /var/lib/neo4j/data
- postgres: /var/lib/postgresql
- redis: /var/lib/redis
These locations on the host filesystem can be backed by any storage mechanism to persist sketch data beyond the container lifetimes.
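Because the data lives on the host, it can be archived and restored with ordinary tools. The script below is an added example, not Timesketch project code: it archives each of the four volume directories listed above into one tar file per service and restores them again. The `prefix` argument is an assumption of this example so the functions can be exercised against a temporary directory tree instead of the real `/var/lib` paths.

```shell
#!/bin/sh
# Added example (not Timesketch project code): back up and restore the host
# directories the Docker volumes map to. The four paths come from the page.
VOLUME_DIRS="/var/lib/elasticsearch /var/lib/neo4j/data /var/lib/postgresql /var/lib/redis"

# archive_name PATH: turn "/var/lib/neo4j/data" into "var_lib_neo4j_data".
archive_name() {
  printf '%s' "${1#/}" | tr '/' '_'
}

# backup_volumes PREFIX DEST: tar every volume directory found under PREFIX
# into DEST and print how many archives were written. PREFIX is "" on a real
# host; pointing it at a scratch directory lets the function be tested safely.
# Stop the containers first (sudo docker-compose stop): archiving a live
# Elasticsearch or PostgreSQL data directory can capture an inconsistent state.
backup_volumes() {
  prefix=$1; dest=$2
  mkdir -p "$dest"
  count=0
  for d in $VOLUME_DIRS; do
    src="$prefix$d"
    [ -d "$src" ] || continue
    tar -cf "$dest/$(archive_name "$d").tar" -C "$src" .
    count=$((count + 1))
  done
  echo "$count"
}

# restore_volumes SRC PREFIX: unpack each archive found in SRC back under
# PREFIX, recreating the directory if needed, and print how many were restored.
restore_volumes() {
  src=$1; prefix=$2
  count=0
  for d in $VOLUME_DIRS; do
    archive="$src/$(archive_name "$d").tar"
    [ -f "$archive" ] || continue
    mkdir -p "$prefix$d"
    tar -xf "$archive" -C "$prefix$d"
    count=$((count + 1))
  done
  echo "$count"
}

# Real use, as root, with the containers stopped (BACKUP_ROOT is a placeholder):
#   backup_volumes "" /path/to/BACKUP_ROOT
#   restore_volumes /path/to/BACKUP_ROOT ""
```

Keep the archives somewhere the containers cannot write to and restrict read access to them: the PostgreSQL and Elasticsearch directories contain every sketch, timeline and user record, so a copy of the backup is a copy of the whole deployment's data.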