Userline

Description

This tool automates the process of creating logon relations from MS Windows Security Events by showing a graphical relation among users, domains, source and destination logons, session duration, who was logged on to the systems at a given date and time, session hijacking, etc. It can also integrate with third-party tools and provides different output modes such as CSV, Neo4j, Timesketch, JSON, SQLite, Gephi and Graphviz.

Categories

  • Data Forensics
  • Incident Response

Black Hat sessions

Arsenal

Code

https://github.com/thiber-org/userline

Lead Developer

Chema Garcia - https://github.com/sch3m4

Social Media