process-forest

Process analyzer

Tools for reconstructing historical process hierarchies from Windows event logs.

Reconstruct process trees from event logs

146 stars

16 watching

29 forks

Language: Python

last commit: over 4 years ago

Related projects:

Repository	Description	Stars
williballenthin/lfle	Recover event log entries from an image by identifying record structures.	27
illusivenetworks-labs/historicprocesstree	Analyzes Windows event log data to visualize historic process execution evidence in a tree view.	59
williballenthin/python-evt	A Python module for parsing classic Windows Event Log files (.evt)	49
williballenthin/python-evtx	A Python module for parsing Windows Event Log files (.evtx) into structured data	732
williballenthin/evtxtract	Reconstructs fragments of event log data from raw binary files, including unallocated space and memory images.	191
williballenthin/shellbags	This tool helps reconstruct user activities by parsing Windows Registry data.	151
williballenthin/python-ntfs	A Python library for analyzing and working with NTFS file systems.	81
logzio/sawmill	Enables JSON document transformation and enrichment with configurable pipelines and patterns	116
andrew-plowright/foresttools	A collection of R functions for analyzing and processing remote sensing forest data to detect and segment individual trees.	68
monaxgt/parsefields	Tool for analyzing and structuring log data from JSON-like sources	7
thiber-org/userline	Automates analysis of Windows Security Events to identify user logon relations	241
ahmedkhlief/apt-hunter	A tool to analyze Windows event logs for signs of APT attacks and malware activity.	1,265
yarox24/evtkit	Tool to repair Windows Event Log files (.evt) acquired during forensic investigations	18
h0mbre/busychild	A utility that analyzes and displays detailed information about processes and their relationships with other processes.	24
glouppe/phd-thesis	An in-depth analysis of random forests, focusing on their learning capabilities and interpretability.	525