{"id":20563718,"url":"https://github.com/trustedsec/user-behavior-mapping-tool","last_synced_at":"2025-08-21T06:31:17.638Z","repository":{"id":42993471,"uuid":"456498317","full_name":"trustedsec/User-Behavior-Mapping-Tool","owner":"trustedsec","description":null,"archived":false,"fork":false,"pushed_at":"2023-08-22T14:22:18.000Z","size":27,"stargazers_count":159,"open_issues_count":0,"forks_count":23,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-12-11T05:41:48.389Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trustedsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-07T12:34:47.000Z","updated_at":"2024-08-18T06:41:39.000Z","dependencies_parsed_at":"2024-11-16T05:00:12.822Z","dependency_job_id":null,"html_url":"https://github.com/trustedsec/User-Behavior-Mapping-Tool","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2FUser-Behavior-Mapping-Tool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2FUser-Behavior-Mapping-Tool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2FUser-Behavior-Mapping-Tool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2FUser-Behavior-Mapping-Tool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trustedsec","download_url":"https://codeload.github.com/trustedsec/User-Behavior-Mapping-Tool/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230494921,"owners_count":18235046,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-16T04:20:26.310Z","updated_at":"2024-12-19T20:08:36.865Z","avatar_url":"https://github.com/trustedsec.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# User-Behavior-Mapping-Tool\n\nProject aims to map out common user behavior on the computer.\nMost of the code is based on the research by kacos2000 found here:\nhttps://github.com/kacos2000/WindowsTimeline\n\nTrustedSec blog about the research behind it:\nhttps://www.trustedsec.com/blog/oh-behave-figuring-out-user-behavior/\n\n\n# Installation\n1. git clone the repo\n2. pip3 install -r requirements.txt\n\n\n# Getting started\nTo make use of this project you first need to copy out the ActivityCache.db file found on the users computer under:\n```\nC:\\Users\\%username%\\AppData\\Local\\ConnectedDevicesPlatform\\\u003cGUID\u003e\n```\n\n## UserBehaviorAnalyzer.py\nTo parse an ActivityCache.db file specify the path with the -f parameter.\nIf you only want the main exported data (one csv) you can specify -m.\nOutput folder is specified with the -o parameter. Folder will be created if it does not exist.\nIf no output folder is specified the output goes in the current working directory.\n\n\n```\npython3 UserBehaviourAnalyzer.py -f /mnt/c/ads/ActivitiesCache.db\nSuccesfully exported full raw database report\nReport gen_report_useractivity_start_and_end.csv Generated successfully\nReport gen_report_ApplicationLaunch_StartTime.csv Generated successfully\nPaths_Unique.txt Generated successfully\nReport gen_report_Activity_Applications.csv Generated successfully\nChart gen_fig_useractivity_heatmap.jpg Generated successfully\n/mnt/c/gitlab/user-behavior/1. Extraction Script/UserBehaviorAnalyzer.py:565: UserWarning: FixedFormatter should only be used together with FixedLocator\n  ax1.set_xticklabels(df1['Date'], rotation=90)\nChart gen_fig_useractivity_bar.jpg Generated successfully\nChart gen_fig_top10_apps_pie.jpg Generated successfully\nChart gen_fig_top10_apps_bars.jpg Generated successfully\n```\n\n## Reports\n\n### gen_report_Activity_Applications.csv\nThis report contains the total of time the different application has been actively used based on all the data found in the database.\n\n### gen_report_ApplicationLaunch_StartTime.csv\nThis reports shows the applications that are launched and parameters used (also filenames sometimes) and when it was launched. \nThis is useful for understanding when the user starts his applications.\n\n### gen_report_useractivity_start_and_end.csv\nThis report groups all times for each day and finds the first entry of the day and the last.\nThis report is useful for understanding when the user starts his day and when the last application was launched. \n\n## Charts\n\n### gen_fig_top10_apps_bars.jpg\nThis shows the top 10 most used application visualized with Bars. Usage is in seconds.\n\n### gen_fig_top10_apps_pie.jpg\nThis shows the top 10 most used application visualized as a pie chart. Usage is in seconds.\n\n### gen_fig_useractivity_bar.jpg\nThis visualizes when the user is active and idle based on the first activity found per day and the last activity found per day. The y axis shows the time of day. \nThe time is based on the timezone of the user\nex 500 = 0500 (5am)\nex 2000 (8pm)\n\n### gen_fig_useractivity_heatmap.jpg\nThis visualized the users activity sorted on days. The brighter color the more activity. The time is based on the timezone of the user  \n\n## Other\n\n### Paths_Unique.txt\nThis file contains unique paths the for documents/files/folders the user works towards. Perfect targets for backdoors. \n\n\n# Issues\nIf you do encounter issues please create a github issue. You might need to provide the ActivitiesCache.db since it could be a case that has not been encountered. ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustedsec%2Fuser-behavior-mapping-tool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrustedsec%2Fuser-behavior-mapping-tool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustedsec%2Fuser-behavior-mapping-tool/lists"}