Timeliner is a digital forensics tool that serves as a rewrite of the traditional mactime utility, designed for timeline analysis of file system events. The tool incorporates a real expression engine that enables users to parse and apply complex filtering logic to forensic timeline data. This expression engine supports BPF (Berkeley Packet Filter) syntax, allowing investigators to create sophisticated queries for filtering events based on multiple criteria including time ranges, file paths, weekdays, and specific dates. Key capabilities include advanced filtering options that go beyond basic timeline analysis, enabling forensic analysts to narrow down large datasets to relevant events. The tool processes file system metadata to create chronological timelines of file activity, which is essential for incident response and forensic investigations. Currently in alpha development stage, timeliner aims to modernize timeline analysis workflows by providing more flexible query capabilities compared to traditional tools. The expression engine represents the primary differentiating feature, offering investigators enhanced control over data filtering and analysis processes.