Timesketch at Black Hat USA 2025 & DEF CON 33
Links & Material
Find links for all the topics we talked about below.
Timesketch
- General Timesketch Setup Guide
- Enable the Investigation View
- How to experiment and connect with AI Capability for Log Analysis
Sec-Gemini Log Analysis Capability
Sec-Gemini and its Log Analysis Capability are experimental research. The team is looking for trusted testers for access to the Log Reasoning Capabilities:
Exploration Graph & Killchain
Talks & Demos
Black Hat Briefing: Autonomous Timeline Analysis and Threat Hunting - An AI Agent for Timesketch
The Timesketch team has partnered with the Sec-Gemini research team to develop an experimental Log Reasoning Agent. This session will dive deeper into the architecture, capabilities, and development of the Sec-Gemini Log Reasoning Agent. We will discuss the challenges and breakthroughs in creating an AI for log analysis.
Link: View on Black Hat Briefing Schedule
Black Hat Arsenal: Timesketch - AI-Powered Super Timeline Analysis
Come see a demonstration of the new Investigation View workflow. We'll showcase how an analyst can trigger an external AI agent to process millions of events, automatically generating and populating Digital Forensics Investigative Questions (DFIQ). Discover how this AI-assisted workflow helps analysts rapidly triage findings, synthesize conclusions, and accelerate the reporting process.
Link: View on Black Hat Arsenal Schedule
DEF CON 33
We will be running some presentations and demos at the AI Village at DEF CON 33. Come and discuss the challenges of working with AI in DFIR investigations with us, and explore a demonstration of the AI Investigation View in Timesketch.
Link: Scheduling TBD