I would like to have data from Windows Event Logs, AmCache, Jump Lists etc. integrated into the timeline and I’m trying to figure out a way to do this, if it’s possible at all.
If I understood you correctly an ingest module can add artifacts to the blackboard which then end up in the timeline. This sounds like the solution to my problem. I found a nice example that uses the blackboard. But I also found this post which states that custom artifact types aren’t possible at the moment. I’m not sure what capabilities the existing artifact types have and if I my idea really requires custom artifact types. What’s your opinion?