Project aims to map out common user behavior on the computer

Overview

User-Behavior-Mapping-Tool

Project aims to map out common user behavior on the computer. Most of the code is based on the research by kacos2000 found here: https://github.com/kacos2000/WindowsTimeline

TrustedSec blog about the research behind it: https://www.trustedsec.com/blog/oh-behave-figuring-out-user-behavior/

Installation

  1. git clone the repo
  2. pip3 install -r requirements.txt

Getting started

To make use of this project you first need to copy out the ActivityCache.db file found on the users computer under:

C:\Users\%username%\AppData\Local\ConnectedDevicesPlatform\
   

   

UserBehaviorAnalyzer.py

To parse an ActivityCache.db file specify the path with the -f parameter. If you only want the main exported data (one csv) you can specify -m. Output folder is specified with the -o parameter. Folder will be created if it does not exist. If no output folder is specified the output goes in the current working directory.

python3 UserBehaviourAnalyzer.py -f /mnt/c/ads/ActivitiesCache.db
Succesfully exported full raw database report
Report gen_report_useractivity_start_and_end.csv Generated successfully
Report gen_report_ApplicationLaunch_StartTime.csv Generated successfully
Paths_Unique.txt Generated successfully
Report gen_report_Activity_Applications.csv Generated successfully
Chart gen_fig_useractivity_heatmap.jpg Generated successfully
/mnt/c/gitlab/user-behavior/1. Extraction Script/UserBehaviorAnalyzer.py:565: UserWarning: FixedFormatter should only be used together with FixedLocator
  ax1.set_xticklabels(df1['Date'], rotation=90)
Chart gen_fig_useractivity_bar.jpg Generated successfully
Chart gen_fig_top10_apps_pie.jpg Generated successfully
Chart gen_fig_top10_apps_bars.jpg Generated successfully

Reports

gen_report_Activity_Applications.csv

This report contains the total of time the different application has been actively used based on all the data found in the database.

gen_report_ApplicationLaunch_StartTime.csv

This reports shows the applications that are launched and parameters used (also filenames sometimes) and when it was launched. This is useful for understanding when the user starts his applications.

gen_report_useractivity_start_and_end.csv

This report groups all times for each day and finds the first entry of the day and the last. This report is useful for understanding when the user starts his day and when the last application was launched.

Charts

gen_fig_top10_apps_bars.jpg

This shows the top 10 most used application visualized with Bars. Usage is in seconds.

gen_fig_top10_apps_pie.jpg

This shows the top 10 most used application visualized as a pie chart. Usage is in seconds.

gen_fig_useractivity_bar.jpg

This visualizes when the user is active and idle based on the first activity found per day and the last activity found per day. The y axis shows the time of day. The time is based on the timezone of the user ex 500 = 0500 (5am) ex 2000 (8pm)

gen_fig_useractivity_heatmap.jpg

This visualized the users activity sorted on days. The brighter color the more activity. The time is based on the timezone of the user

Other

Paths_Unique.txt

This file contains unique paths the for documents/files/folders the user works towards. Perfect targets for backdoors.

Issues

If you do encounter issues please create a github issue. You might need to provide the ActivitiesCache.db since it could be a case that has not been encountered.

Owner
trustedsec
trustedsec
This repository contains the exercices for the robotics class at Supaero, 2022.

Supaero robotics, 2022 This repository contains the exercices for the robotics class at Supaero, 2022. The exercices are organized by notebook. Each n

Gepetto team, LAAS-CNRS 5 Aug 01, 2022
Reproduce digital electronics in Python

Pylectronics Reproduce digital electronics in Python Report Bug · Request Feature Table of Contents About The Project Getting Started Prerequisites In

Filipe Garcia 45 Dec 20, 2021
Bitflip Fault Simulation Platform by Daniele Rizzieri (2021)

BFSP [v1.05] Bitflip Fault Simulation Platform by Daniele Rizzieri (2021) The platform injects a random bitflip in each of N copies of a binary file.

Daniele Rizzieri 2 Nov 05, 2022
Inviare messaggi tramite app IO a partire da dati contenuti in file .csv

parlaConIO Inviare messaggi tramite app IO a partire da dati contenuti in file .csv -- Nessun obbligo, ma in caso di clonazione o uso del programma c

Francesco Del Castillo 6 Aug 22, 2022
A simple script for generating screenshots with Vapoursynth

Vapoursynth-Screenshots A simple script for generating screenshots with Vapoursynth. About I'm lazy, and hate changing variables for each batch of scr

7 Dec 31, 2022
Timetable scripts for python

Timetable Scripts timetable_to_json: https://beta.elektronplus.pl/timetable classes_taught_by_teacher: a.adam (aa) ['1Tc', '1Td', '3Te', '3Ti', '4Tf',

Elektron++ 2 Jan 02, 2022
A web UI for managing your 351ELEC device ROMs.

351ELEC WebUI A web UI for managing your 351ELEC device ROMs. Requirements Python 3 or Python 2.7 are required. If the ftfy package is installed, it w

Ben Phelps 5 Sep 26, 2022
BlueBorne Dockerized

BlueBorne Dockerized This is the repo to reproduce the BlueBorne kill-chain on Dockerized Android as described here, to fully understand the code you

SecSI 5 Sep 14, 2022
A python script to simplify recompiling, signing and installing reverse engineered android apps.

urszi.py A python script to simplify the Uninstall Recompile Sign Zipalign Install cycle when reverse engineering Android applications. It checks if d

Ahmed Harmouche 4 Jun 24, 2022
Python bindings for the Plex API.

Python-PlexAPI Overview Unofficial Python bindings for the Plex API. Our goal is to match all capabilities of the official Plex Web Client. A few of t

Michael Shepanski 931 Jan 07, 2023
Cross-platform MachO/ObjC Static binary analysis tool & library. class-dump + otool + lipo + more

ktool Static Mach-O binary metadata analysis tool / information dumper pip3 install k2l Development is currently taking place on the @python3.10 branc

Kritanta 301 Dec 28, 2022
DeDRM tools for ebooks

DeDRM_tools DeDRM tools for ebooks This is a fork of Apprentice Harper's version of the DeDRM tools. I've added some of the PRs that still haven't bee

2 Jan 10, 2022
TMTC Commander Core

This commander application was first developed by KSat for the SOURCE project to test the on-board software but has evolved into a more generic tool for satellite developers to perform TMTC (Telemetr

robamu 8 Dec 14, 2022
App to decide weekly winners in H2H 1 Win (9 Cat)

Fantasy Weekly Winner for H2H 1 Win (9 Cat) Yahoo Fantasy API Read

Sai Atmakuri 1 Dec 31, 2021
A free and open-source chess improvement app that combines the power of Lichess and Anki.

A free and open-source chess improvement app that combines the power of Lichess and Anki. Chessli Project Activity & Issue Tracking PyPI Build & Healt

93 Nov 23, 2022
A basic tic tac toe game on python!

A basic tic tac toe game on python!

Shubham Kumar Chandrabansi 1 Nov 18, 2021
SMS-b0mber VANDALIZM developed for VK group

VANDALIZM SMS-b0mber VANDALIZM developed for VK group https://vk.com/dark__code if you come across this code, you can use it for your own purposes) ус

5 Jun 24, 2022
The tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss.

The tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss. Greater accuracy is achieved thanks to the line-by-line comparison of

197 Nov 14, 2022
Hoopoe - Get notified of important stuff, right away.

Hoopoe - Get notified of important stuff, right away. Report a Bug · Request a Feature . Ask a Question Table of Contents About Getting Started Prereq

Vahid Al 8 Nov 12, 2022
Web3 Solidity Connector

With this project, you can compile your sol files and create new transactions including creating contract and calling the state changer functions. You can integrate integrate your sol files with Pyth

Fethi Tekyaygil 3 Oct 09, 2022