Project aims to map out common user behavior on the computer

Related tags

Miscellaneous User-Behavior-Mapping-Tool
Overview

User-Behavior-Mapping-Tool

Project aims to map out common user behavior on the computer. Most of the code is based on the research by kacos2000 found here: https://github.com/kacos2000/WindowsTimeline

TrustedSec blog about the research behind it: https://www.trustedsec.com/blog/oh-behave-figuring-out-user-behavior/

Installation

  1. git clone the repo
  2. pip3 install -r requirements.txt

Getting started

To make use of this project you first need to copy out the ActivityCache.db file found on the users computer under:

C:\Users\%username%\AppData\Local\ConnectedDevicesPlatform\

UserBehaviorAnalyzer.py

To parse an ActivityCache.db file specify the path with the -f parameter. If you only want the main exported data (one csv) you can specify -m. Output folder is specified with the -o parameter. Folder will be created if it does not exist. If no output folder is specified the output goes in the current working directory.

python3 UserBehaviourAnalyzer.py -f /mnt/c/ads/ActivitiesCache.db
Succesfully exported full raw database report
Report gen_report_useractivity_start_and_end.csv Generated successfully
Report gen_report_ApplicationLaunch_StartTime.csv Generated successfully
Paths_Unique.txt Generated successfully
Report gen_report_Activity_Applications.csv Generated successfully
Chart gen_fig_useractivity_heatmap.jpg Generated successfully
/mnt/c/gitlab/user-behavior/1. Extraction Script/UserBehaviorAnalyzer.py:565: UserWarning: FixedFormatter should only be used together with FixedLocator
  ax1.set_xticklabels(df1['Date'], rotation=90)
Chart gen_fig_useractivity_bar.jpg Generated successfully
Chart gen_fig_top10_apps_pie.jpg Generated successfully
Chart gen_fig_top10_apps_bars.jpg Generated successfully

Reports

gen_report_Activity_Applications.csv

This report contains the total of time the different application has been actively used based on all the data found in the database.

gen_report_ApplicationLaunch_StartTime.csv

This reports shows the applications that are launched and parameters used (also filenames sometimes) and when it was launched. This is useful for understanding when the user starts his applications.

gen_report_useractivity_start_and_end.csv

This report groups all times for each day and finds the first entry of the day and the last. This report is useful for understanding when the user starts his day and when the last application was launched.

Charts

gen_fig_top10_apps_bars.jpg

This shows the top 10 most used application visualized with Bars. Usage is in seconds.

gen_fig_top10_apps_pie.jpg

This shows the top 10 most used application visualized as a pie chart. Usage is in seconds.

gen_fig_useractivity_bar.jpg

This visualizes when the user is active and idle based on the first activity found per day and the last activity found per day. The y axis shows the time of day. The time is based on the timezone of the user ex 500 = 0500 (5am) ex 2000 (8pm)

gen_fig_useractivity_heatmap.jpg

This visualized the users activity sorted on days. The brighter color the more activity. The time is based on the timezone of the user

Other

Paths_Unique.txt

This file contains unique paths the for documents/files/folders the user works towards. Perfect targets for backdoors.

Issues

If you do encounter issues please create a github issue. You might need to provide the ActivitiesCache.db since it could be a case that has not been encountered.

You might also like...
Easily map device and application controls to a midi controller

pymidicontroller Introduction Easily map device and application controls to a midi controller

Tane Barriball 24 May 16, 2022
Prop-based map editor for the Apex Legends mod, R5Reloaded

R5R Map Editor A tool to build maps out of props in the Apex Legends mod, R5Reloaded Instuctions Install R5R Download this program Get the prop spawne

null 7 Dec 16, 2022
Cvdl-hw2 - Find Contour, Camera Calibration, Augmented Reality and Stereo Disparity Map

opevcvdl-hw2 This project uses openCV and Qt to achieve the requirements. Version Python 3.7 opencv-contrib-python 3.4.2.17 Matplotlib 3.1.1 pyqt5 5.1

Kenny Cheng 3 Aug 17, 2022
VCM EE1.2 P-layer feature map anchor generation 137th MPEG-VCM

VCM EE1.2 P-layer feature map anchor generation 137th MPEG-VCM

IPSL 6 Oct 18, 2022
A tool for generating skill map/tree like diagram
A tool for generating skill map/tree like diagram

skillmap A tool for generating skill map/tree like diagram. What is a skill map/tree? Skill tree is a term used in video games, and it can be used for

Yue 98 Jan 7, 2023
Here is my Senior Design Project that I implemented to graduate from Computer Engineering.
Here is my Senior Design Project that I implemented to graduate from Computer Engineering.

Here is my Senior Design Project that I implemented to graduate from Computer Engineering. It is a chatbot made in RASA and helps the user to plan their vacation in the Turkish language. In order to plan the user's vacation, it provides reservations by asking various questions for hotel, flight, or event.

Ezgi Subaşı 25 May 31, 2022
Class XII computer science project.

Computer Science Project — Class XII Kshitij Srivastava (XI – A) Introduction The aim of this project is to create a fully operational system for a me

Kshitij Srivastava 2 Jul 21, 2022
A collection of common regular expressions bundled with an easy to use interface.

CommonRegex Find all times, dates, links, phone numbers, emails, ip addresses, prices, hex colors, and credit card numbers in a string. We did the har

Madison May 1.5k Dec 31, 2022
Team Curie is a group of people working together to achieve a common aim
Team Curie is a group of people working together to achieve a common aim

Team Curie is a group of people working together to achieve a common aim. We are enthusiasts!.... We are setting the pace!.... We offer encouragement and motivation....And we believe TeamWork makes the DreamWork.

null 4 Aug 7, 2021
Comments
  • fix bug + add a few checks

    fix bug + add a few checks

    Hello!

    Seriously awesome tool, I have been waiting for a public implementation of this of a while 😛

    I fixed a small issue where if you specified the option -o out, what happened is that the files where created in the current working directory with the string "out" prepended to each file name.

    Also, if the user disables the recording of the activity, the database will be empty, we now detect that and exit gracefully.

    We also detect invalid files and added a .gitignore (kinda silly but is a small change anyway)

    Hope you like it!

    opened by S4ntiagoP 2
  • Lack of UTF-8 encoding in generated reports

    Lack of UTF-8 encoding in generated reports

    When running your tool, I got the following error message:

    Traceback (most recent call last): File "D:\util\GitHub\Forensics\User-Behavior-Mapping-Tool\UserBehaviorAnalyzer.py", line 575, in textfile.write(str(item) + "\n") File "C:\Python39\lib\encodings\cp1252.py", line 19, in encode return codecs.charmap_encode(input,self.errors,encoding_table)[0] UnicodeEncodeError: 'charmap' codec can't encode characters in position 22-24: character maps to

    The error was fixed by changing line 575 to: textfile = open(outfolder+"Paths_Unique.txt", "w", encoding='utf-8')

    opened by Sam0rai 2
  • sqlite3.OperationalError: no such column: AppActivityId

    sqlite3.OperationalError: no such column: AppActivityId

    Hello,

    I am getting the below error when trying to run this script.

    Traceback (most recent call last): File "/Users/%username%/Desktop/Tools/User-Behavior-Mapping-Tool-main/UserBehaviorAnalyzer.py", line 103, in query = cur.execute('''select sqlite3.OperationalError: no such column: AppActivityId

    opened by fitsumaf 0
Owner
trustedsec
trustedsec
GitHub
Odd-Or-Even - Ask the user for a number. Depending on whether the number is even or odd, print out an appropriate message to the user

Odd-Or-Even Ask the user for a number. Depending on whether the number is even o

PyLaboratory 0 Feb 7, 2022
MeepoBenchmark - This project aims at providing the scripts, logs, and analytic results for Meepo Blockchain

MeepoBenchmark - This project aims at providing the scripts, logs, and analytic results for Meepo Blockchain

Peilin Zheng 3 Aug 16, 2022
Retrying is an Apache 2.0 licensed general-purpose retrying library, written in Python, to simplify the task of adding retry behavior to just about anything.

Retrying Retrying is an Apache 2.0 licensed general-purpose retrying library, written in Python, to simplify the task of adding retry behavior to just

Ray Holder 1.9k Dec 29, 2022
solsim is the Solana complex systems simulator. It simulates behavior of dynamical systems—DeFi protocols, DAO governance, cryptocurrencies, and more—built on the Solana blockchain

solsim is the Solana complex systems simulator. It simulates behavior of dynamical systems—DeFi protocols, DAO governance, cryptocurrencies, and more—built on the Solana blockchain

William Wolf 12 Jul 13, 2022
A community-driven python bot that aims to be as simple as possible to serve humans with their everyday tasks

JARVIS on Messenger Just A Rather Very Intelligent System, now on Messenger! Messenger is now used by 1.2 billion people every month. With the launch

Swapnil Agarwal 1.3k Jan 7, 2023
redun aims to be a more expressive and efficient workflow framework

redun yet another redundant workflow engine redun aims to be a more expressive and efficient workflow framework, built on top of the popular Python pr

insitro 372 Jan 4, 2023
In this project, we are going to display the battery notification and the time left for the battery to drain out using the battery capacity value.

In this project, we are going to display the battery notification and the time left for the battery to drain out using the battery capacity value.

Ritoban Biswas 1 Dec 20, 2021
A project to find out all the words in a crossword.

A project to find out all the words in a crossword.

Kalpesh Dhoundiyal 1 Feb 6, 2022
Automatically remove user join messages when the user leaves the server.

CleanLeave Automatically remove user join messages when the user leaves the server. Installation You will need to install poetry to run this bot local

null 11 Sep 19, 2022
TrackGen - The simplest tropical cyclone track map generator

TrackGen - The simplest tropical cyclone track map generator Usage Each line is a point to be plotted on the map Each field gives information about th

TrackGen 6 Jul 20, 2022