Structured Investigator Outputs

Investigators need structured outputs that can be reviewed, validated, exported, correlated, and incorporated into reporting workflows.

The Acorn is designed to support this process through integrated workflows that generate investigator-focused outputs across multiple stages of an investigation.

Autopsy Investigation HTML Report

Investigation Output Examples

The examples below show how The Acorn’s integrated forensic tools generate structured outputs for a range of forensic workflows, including timeline reconstruction, memory analysis, data recovery, event log analysis, and network investigations.

Timeline Reconstruction

Generate structured timeline outputs from forensic artefacts, Windows event logs, endpoint activity, and incident response investigations.

• export.csv
• review.tln
• timeline.plaso
• summary.txt

Memory Analysis

Generate investigation-ready outputs from memory analysis, persistence detection, malware artefacts, and endpoint activity investigations.

• volatility-report.txt
• yara-findings.txt
• persistence-results.csv
• malware-summary.txt

Evidence & Log Analysis

Produce structured forensic outputs from Windows event logs, endpoint artefacts, registry analysis, and investigative review workflows.

• hayabusa-results.csv
• chainsaw-findings.json
• event-timeline.csv
• registry-summary.txt

Hidden Data & Recovery

Recover deleted files, analyse hidden partitions, examine encrypted containers, identify embedded metadata, and investigate damaged storage media.

• recovered-files/
• recup_dir/
• metadata-report.txt
• partition-analysis.log

Network & Traffic Analysis

Produce investigation-ready network outputs from packet capture analysis, session reconstruction, host discovery, and network mapping workflows.

• capture.pcapng
• extracted-files/
• session-reconstruction/
• nmap-scan-results.txt

Threat Detection

Generate structured threat hunting outputs from Windows event logs, Sigma-rule detections, endpoint investigations, malware analysis, and memory forensics.

• sigma-results.csv
• hayabusa-timeline.csv
• yara-findings.txt
• velociraptor-collection.zip

Output Screenshots

This section shows a selection of example investigative artefacts, structured exports, timeline data, forensic reports, memory analysis findings, and workflow-generated evidence outputs on The Acorn.

Timeline Reconstruction

Evidence Source Selection

Timeline Generation In Progress

Timeline Generation Complete

Timeline Output Files

Memory Analysis

Memory Analysis Workflow Selection

Memory Analysis In Progress

Memory Analysis Complete

Extracted Memory Artefacts

Hidden Data & Recovery

Recovery Source Selection

File System Selection

Recovery Complete

Recovered Files

Evidence & Log Analysis

Event Log Selection

Log Analysis In Progress

Log Analysis Complete

Analysis Output Files

Explore The Acorn Investigation Platform

The Acorn combines integrated forensic workflows, evidence protection controls, investigator-focused reporting, and structured forensic outputs within a portable Linux forensic environment.

Designed for digital forensics, incident response, cybersecurity investigations, education, and field-based investigative work, The Acorn helps investigators move from acquisition through analysis and reporting using a unified workflow-driven platform.