Create lab3-timeline-analysis.md

Author: ngvuthdanhh

labs/lab3-timeline-analysis.md

@@ -0,0 +1,15 @@
+# Lab 3 – Timeline Analysis
+
+## Objective
+Use forensic tools to build and analyze event timelines.
+
+## Tasks
+1. Parse MFT, event logs, browser history.
+2. Build a supertimeline.
+3. Identify suspicious activity.
+4. Determine attacker movement.
+
+## Expected Output
+- Timeline CSV  
+- Key-event annotations  
+- Incident flow summary