jessemillar/timesketch

Collaborative forensics timeline analysis
What is Timesketch?

Timesketch is an open source tool for collaborative forensic timeline analysis. Using sketches you and your collaborators can easily organize your timelines and analyze them all at the same time. Add meaning to your raw data with rich annotations, comments, tags and stars.

https://github.com/google/timesketch

How to Use

Host Setup

Timesketch requires a PostgreSQL database (version 9.3.14) and an Elasticsearch instance (version 2.4.1). Follow the official documentation for the postgres and elasticsearch images to bring both up before running Timesketch. Keep both databases on a private Docker network and do not publish ports 5432 or 9200 to the host: Elasticsearch 2.x has no authentication of its own, and Postgres is protected only by the password you set. Timesketch reaches them by container name, so nothing outside the network needs those ports.

Running Timesketch

Start the Timesketch container and point it at the two databases with the following command (replace the password and address values with ones that match your setup). POSTGRES_ADDRESS and ELASTIC_ADDRESS are hostnames, so the Timesketch container must be able to resolve them: either run all three containers on the same user-defined Docker network (docker network create) with the database containers named postgres and elastic, or add --link postgres:postgres --link elastic:elastic to the command.

docker run -d -e POSTGRES_USER=timesketch -e POSTGRES_PASSWORD=password -e TIMESKETCH_USER=admin -e TIMESKETCH_PASSWORD=password -e POSTGRES_ADDRESS=postgres -e POSTGRES_PORT=5432 -e ELASTIC_ADDRESS=elastic -e ELASTIC_PORT=9200 jessemillar/timesketch

For a more production-quality setup, add the optional --restart=always flag. Docker will then restart the container if it crashes or when the Docker daemon restarts, which also covers a Timesketch start-up failure caused by the databases not being ready yet. Note that values passed with -e are visible in docker inspect output and in your shell history; for the passwords, prefer --env-file pointing at a file readable only by you.

Alternatively, you can use docker-compose with this project's docker-compose.yml file to set up Elasticsearch, Postgres, and Timesketch automatically.
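The whole procedure above as one script, added here as an example; it is not code from this image or from the Timesketch project. It creates a private user-defined network so the containers find each other by name, writes the credentials to a 0600 env file that both the postgres image and Timesketch read (the variable names are the same), keeps the database ports unpublished, and prints or runs the docker commands. Assumed, not stated on this page: the image tags postgres:9.3.14 and elasticsearch:2.4.1, the network name timesketch-net, and that the Timesketch web UI listens on port 5000 inside the container, which is published on localhost only.

```shell
#!/bin/sh
# Added example, not code from this image or from the Timesketch project.
# Brings up Postgres, Elasticsearch and Timesketch on a private Docker network
# and keeps the passwords off the command line, where -e would leave them
# visible to `docker inspect`, `ps` and shell history.
# Assumptions not stated on the page: the image tags, the network name, and
# that the Timesketch web UI listens on 5000 inside the container.
set -eu

NETWORK="${TS_NETWORK:-timesketch-net}"
ENV_FILE="${TS_ENV_FILE:-./timesketch.env}"
WEB_PORT="${TS_WEB_PORT:-5000}"   # assumption; confirm with `docker inspect` on the image

# 24 random bytes as 48 hex characters, used for the database and admin passwords.
gen_secret() {
  od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# Write the credentials to a file readable only by the invoking user. The
# postgres image and Timesketch both read POSTGRES_USER/POSTGRES_PASSWORD,
# so one file serves both containers.
write_env_file() {
  file="$1"; pg_pw="$2"; ts_pw="$3"
  rm -f "$file"
  (
    umask 077
    cat > "$file" <<EOF
POSTGRES_USER=timesketch
POSTGRES_PASSWORD=$pg_pw
TIMESKETCH_USER=admin
TIMESKETCH_PASSWORD=$ts_pw
POSTGRES_ADDRESS=postgres
POSTGRES_PORT=5432
ELASTIC_ADDRESS=elastic
ELASTIC_PORT=9200
EOF
  )
}

# Each *_cmd prints the docker command it would run, so the commands can be
# reviewed (or tested) before anything is started. The databases publish no
# ports: Elasticsearch 2.x has no authentication, so it must be reachable only
# from the Timesketch container over the private network.
network_cmd() {
  printf 'docker network inspect %s >/dev/null 2>&1 || docker network create %s\n' "$NETWORK" "$NETWORK"
}
postgres_cmd() {
  printf 'docker run -d --name postgres --net %s --restart=always --env-file %s postgres:9.3.14\n' \
    "$NETWORK" "$ENV_FILE"
}
elastic_cmd() {
  printf 'docker run -d --name elastic --net %s --restart=always elasticsearch:2.4.1\n' "$NETWORK"
}
timesketch_cmd() {
  printf 'docker run -d --name timesketch --net %s --restart=always --env-file %s -p 127.0.0.1:%s:5000 jessemillar/timesketch\n' \
    "$NETWORK" "$ENV_FILE" "$WEB_PORT"
}

# Run a printed command, or only echo it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$1"; else eval "$1"; fi
}

up() {
  [ -f "$ENV_FILE" ] || write_env_file "$ENV_FILE" "$(gen_secret)" "$(gen_secret)"
  run "$(network_cmd)"
  run "$(postgres_cmd)"
  run "$(elastic_cmd)"
  # If Timesketch starts before the databases accept connections and exits,
  # --restart=always keeps bringing it back until they do.
  run "$(timesketch_cmd)"
}

# Invoked as `./timesketch-up.sh up` (or `DRY_RUN=1 ./timesketch-up.sh up` to
# review the commands first); running without arguments only defines the functions.
case "${1:-}" in
  up) up ;;
esac
```

Docker 1.12 accepts --net, --env-file and docker network create, so the script matches the version this image is supported on. After the first run, back up timesketch.env: the passwords in it are the only copy.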

License

License information for the software contained in this image is in the Timesketch repository linked above.

Supported Docker Versions

This image is officially supported on Docker version 1.12.3.

Please see the Docker installation documentation for details on how to upgrade your Docker daemon.

User Feedback

Issues

If you have any problems with or questions about this image, please contact us through a GitHub issue.

Documentation

Documentation for the software contained in this image can be found in the GitHub wiki.

Owner: jessemillar