LogonTracer
Tool and Usage
| Project details | |
|---|---|
| License | Custom license |
| Programming language | Python |
| Author | Shusei Tomonaga |
| Latest release | 1.4.0 |

Links
- GitHub project
Why this tool?
LogonTracer is a tool for investigating malicious logons in Windows event logs. It correlates the authentication events into a graph of accounts and hosts and visualizes that graph, so that unusual logon paths (for example an account authenticating from many hosts, or many accounts failing from one source) stand out during an investigation.
How it works
LogonTracer reads Windows Security event logs and keeps only a predefined set of event IDs related to the authentication process. From those events it builds a graph in which accounts and hosts are nodes and the logons between them are edges, and it presents that graph together with the related hosts in a web interface. The web interface is a Flask application, the graph data is stored in a Neo4j database, and the visualization is rendered in the browser with Cytoscape.js.
Background information
Related Windows Security log event IDs:
- 4624: An account was successfully logged on
- 4625: An account failed to log on
- 4768: A Kerberos authentication ticket (TGT) was requested
- 4769: A Kerberos service ticket was requested
- 4776: The domain controller attempted to validate the credentials for an account (NTLM)
- 4672: Special privileges assigned to new logon (used to mark administrative accounts)
Note that 4768, 4769 and 4776 are recorded on the domain controller, while 4624, 4625 and 4672 are recorded on the host where the logon takes place, so an investigation of a domain usually needs the Security log from the domain controllers as well as from the endpoints.
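The correlation described above, as an added example rather than LogonTracer's own code: a small Python script that parses Security-log records exported as XML, keeps only the six event IDs listed, and aggregates them into the user-to-source-host edge list a graph database would hold. The log records are constructed for the example; the field handling (4672 naming the account in SubjectUserName, 4776 reporting the client as Workstation, Kerberos events carrying IPv4-mapped IPv6 addresses, "-" meaning no client address) follows the real Security-log schema.

```python
"""LogonTracer-style correlation of Windows Security events.

Added example; this is not LogonTracer's own code.  It parses constructed
Security-log records (the XML form produced by EVTX export), keeps the
authentication event IDs listed above and builds the user -> source-host
edge list that a graph store such as Neo4j would hold for visualization.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# The event IDs LogonTracer correlates, mapped to an edge label.
AUTH_EVENTS = {
    4624: "logon_success",
    4625: "logon_failure",
    4768: "kerberos_tgt",
    4769: "kerberos_st",
    4776: "ntlm_auth",
    4672: "special_privileges",
}

# Constructed sample records, not real log data.  Field names follow the
# real schema: 4672 names the account in SubjectUserName, 4776 reports the
# client as Workstation rather than IpAddress, and Kerberos events often
# carry IPv4-mapped IPv6 addresses.  The 4634 logoff is there to be dropped.
_EVENT = ('<Event xmlns="%s"><System><EventID>%d</EventID>'
          '<Computer>DC01</Computer></System><EventData>%s</EventData></Event>')
_DATA = '<Data Name="%s">%s</Data>'
SAMPLE_RECORDS = [
    (4624, {"TargetUserName": "alice", "IpAddress": "10.0.0.5", "LogonType": "3"}),
    (4625, {"TargetUserName": "alice", "IpAddress": "10.0.0.99", "LogonType": "3"}),
    (4625, {"TargetUserName": "alice", "IpAddress": "10.0.0.99", "LogonType": "3"}),
    (4672, {"SubjectUserName": "alice", "IpAddress": "-"}),
    (4768, {"TargetUserName": "bob", "IpAddress": "::ffff:10.0.0.7"}),
    (4776, {"TargetUserName": "svc_backup", "Workstation": "WS02"}),
    (4634, {"TargetUserName": "alice"}),  # logoff: not an authentication event
]
SAMPLE_XML = "<Events>" + "".join(
    _EVENT % (NS["e"], eid, "".join(_DATA % kv for kv in data.items()))
    for eid, data in SAMPLE_RECORDS) + "</Events>"


def _normalise_source(value):
    """Map '-' / empty to None and strip the IPv4-mapped IPv6 prefix so that
    10.0.0.7 becomes one node in the graph, not two."""
    if not value or value == "-":
        return None
    return value[len("::ffff:"):] if value.startswith("::ffff:") else value


def parse_events(xml_text):
    """Return the authentication events as dicts; other event IDs are dropped."""
    root = ET.fromstring(xml_text)
    events = []
    for ev in root.iter("{%s}Event" % NS["e"]):
        event_id = int(ev.findtext("e:System/e:EventID", namespaces=NS))
        if event_id not in AUTH_EVENTS:
            continue
        computer = ev.findtext("e:System/e:Computer", namespaces=NS)
        data = {d.get("Name"): (d.text or "")
                for d in ev.findall("e:EventData/e:Data", NS)}
        # 4672 has no TargetUserName; the account is the subject.
        user = data.get("TargetUserName") or data.get("SubjectUserName")
        # 4776 uses Workstation; events without any client address (4672)
        # fall back to the host that logged them.
        source = (_normalise_source(data.get("IpAddress"))
                  or data.get("Workstation") or computer)
        events.append({"event_id": event_id, "kind": AUTH_EVENTS[event_id],
                       "user": user, "source": source, "computer": computer})
    return events


def build_logon_graph(events):
    """Aggregate events into (user, source) edges with per-kind counts, plus
    the set of accounts that received special privileges (4672)."""
    edges = defaultdict(lambda: defaultdict(int))
    admins = set()
    for ev in events:
        edges[(ev["user"], ev["source"])][ev["kind"]] += 1
        if ev["event_id"] == 4672:
            admins.add(ev["user"])
    return {k: dict(v) for k, v in edges.items()}, admins


def failing_sources(edges, threshold):
    """Sources with at least `threshold` failed logons across all users:
    a first cut at spotting password guessing in the graph."""
    per_source = defaultdict(int)
    for (_user, source), counts in edges.items():
        per_source[source] += counts.get("logon_failure", 0)
    return {s for s, n in per_source.items() if n >= threshold}


if __name__ == "__main__":
    edges, admins = build_logon_graph(parse_events(SAMPLE_XML))
    for (user, source), counts in sorted(edges.items()):
        print(f"{user:<11} <- {source:<10} {counts}")
    print("admins:", admins, "failing sources:", failing_sources(edges, 2))
```

On a real system the input would come from `wevtutil qe Security /f:xml` or from an EVTX file run through an EVTX parser; the XML layout is the same as the constructed records above. The edge dictionary is what LogonTracer persists in Neo4j and draws with Cytoscape.js; the threshold check at the end is the kind of query that becomes a one-liner once the data is in a graph.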
Usage and audience
LogonTracer is commonly used for criminal investigations, digital forensics and incident response, or for learning how Windows authentication events relate to one another. Target users for this tool are forensic specialists, security professionals, and system administrators.
Features
- Docker support
- Web interface
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
Strengths
- + More than 500 contributors
- + The source code of this software is available
History and highlights
- Demo at Black Hat USA 2018 Arsenal
Installation
Supported operating systems
LogonTracer is known to work on Linux, macOS, and Microsoft Windows.
Dependencies
Several dependencies are required to use LogonTracer:
- Cytoscape.js (browser-side graph rendering)
- Flask (web interface)
- Neo4j (graph database that stores the parsed events)
- Neo4j JavaScript driver (used by the web front end to query Neo4j)
- Python 3
LogonTracer alternatives
Similar tools to LogonTracer:
Bitscout
Bitscout is a security tool that allows professionals to perform digital forensics remotely. The toolkit creates a live CD for this purpose.
dfis
Digital Forensic Investigative Scripts, or dfis, is a collection of scripts that can be used during forensic investigations.
FIR
FIR is an incident response tool written in the Django framework. It provides a web interface to deal with the creation and management of security-related incidents.
Related tool information
Categories
This tool is categorized as a digital forensics tool.