Forensics

Visualize Logs: interactive log visualization

by do son · Published November 4, 2016 · Updated November 4, 2024

This is a Python library and command line tools package used to visualize log data. Right now this package supports:

ProcMon CSV data
More log types will be added as time allows.

API Documentation:

Visualize_Logs
Visualize_Logs package

Installation

# pip install visualize_logs

… or

# git clone https://github.com/keithjjones/visualize_logs.git
# cd visualize_logs
# python setup.py install

Usage

# plotprocmoncsv -h

Here are some links to example output from the command line tools:

plotprocmoncsv

Kovter:

The next two samples were identified in the following blog post: https://blog.malwarebytes.com/threat-analysis/2016/07/untangling-kovter/

SHA256: 15c237f6b74af2588b07912bf18e2734594251787871c9638104e4bf5de46589

Kovter 1 Example 1: Processes Only (Focused)
Kovter 1 Example 2: Processes Only (All)
Kovter 1 Example 3: File Writes/Renames/Deletes (All)
Kovter 1 Example 4: Registry Write/Deletes (All)
Kovter 1 Example 5: Network (All)

SHA256: bffe7ccbcf69e7c787ff10d1dc7dbf6044bffcb13b95d851f4a735917b3a6fdf

Kovter 2 Example 1: Processes Only (Focused)
Kovter 2 Example 2: Processes Only (All)
Kovter 2 Example 3: File Writes/Renames/Deletes (All)
Kovter 2 Example 4: Registry Write/Deletes (All)
Kovter 2 Example 5: Network (All)

Ransomware:

SHA256: 9b462800f1bef019d7ec00098682d3ea7fc60e6721555f616399228e4e3ad122

Ransomware Example 1: Processes Only (Focused)
Ransomware Example 2: Processes Only (All)
Ransomware Example 3: Processes and Network (All)
Ransomware Example 4: File Writes/Renames/Deletes (Focused)
Ransomware Example 5: File Writes/Renames/Deletes (All)
Ransomware Example 6: Registry Writes and Deletes (Focused)

wwwlgoogle dot com Adware:

SHA256: e64910e3549a6c6e01be814b40e0f1fca02db45d5d19e2882a90914cef1c799e

wwwlgoogle Example 1: Processes Only (Focused)
wwwlgoogle Example 2: Processes Only (All)
wwwlgoogle Example 3: Processes and Network (Focused)
wwwlgoogle Example 4: Processes and Network (All)
wwwlgoogle Example 5: File Writes/Renames/Deletes (Focused)
wwwlgoogle Example 6: File Writes/Renames/Deletes (All)
wwwlgoogle Example 7: Registry Writes and Deletes (Focused)

Source: https://keithjjones.github.io/visualize_logs.github.io/

Share

Tags: interactive log visualization Visualize Logs Visualize Logs: interactive log visualization