process-forest

Process analyzer

Tools for reconstructing historical process hierarchies from Windows event logs.

Reconstruct process trees from event logs

GitHub

146 stars
16 watching
29 forks
Language: Python
last commit: over 4 years ago

Related projects:

| Repository | Description | Stars |
| --- | --- | --- |
| williballenthin/lfle | Recover event log entries from an image by identifying record structures. | 27 |
| illusivenetworks-labs/historicprocesstree | Analyzes Windows event log data to visualize historic process execution evidence in a tree view. | 59 |
| williballenthin/python-evt | A Python module for parsing classic Windows Event Log files (.evt). | 48 |
| williballenthin/python-evtx | A Python module for parsing Windows Event Log files (.evtx) into structured data. | 732 |
| williballenthin/evtxtract | Reconstructs fragments of event log data from raw binary files, including unallocated space and memory images. | 189 |
| williballenthin/shellbags | This tool helps reconstruct user activities by parsing Windows Registry data. | 150 |
| williballenthin/python-ntfs | A Python library for analyzing and working with NTFS file systems. | 80 |
| logzio/sawmill | Enables JSON document transformation and enrichment with configurable pipelines and patterns. | 116 |
| andrew-plowright/foresttools | A collection of R functions for analyzing and processing remote sensing forest data to detect and segment individual trees. | 68 |
| monaxgt/parsefields | Tool for analyzing and structuring log data from JSON-like sources. | 7 |
| thiber-org/userline | Automates analysis of Windows Security Events to identify user logon relations. | 240 |
| ahmedkhlief/apt-hunter | A tool to analyze Windows event logs for signs of APT attacks and malware activity. | 1,258 |
| yarox24/evtkit | Tool to repair Windows Event Log files (.evt) acquired during forensic investigations. | 18 |
| h0mbre/busychild | A utility that analyzes and displays detailed information about processes and their relationships with other processes. | 24 |
| glouppe/phd-thesis | In-depth analysis of the Random Forests algorithm to improve understanding and interpretability. | 527 |