process-forest: processes Microsoft Windows EVTX event logs
process-forest is a tool that processes Microsoft Windows EVTX event logs that contain process accounting events and reconstructs the historical process hierarchies. That is, it displays the parent-child relationships among programs....