ReconGraph documentation

ReconGraph is a Python library designed to reconstruct and visualize system behaviors and activities based on forensic logs. It specialized in converting Plaso (log2timeline) CSV files into a structured forensic graph timeline.

By parsing sequential log data and mapping them to events identified via Sigma rules, recongraph builds a MultiDiGraph (Multi-Directed Graph) that represents state transitions and operational flow. This graph-based approach aids forensic investigators in anomaly detection, behavioral analysis, and understanding complex system events across diverse platforms like Windows and Linux.

Contents:

• Introduction
  • Project Overview
  • Key Features
  • Why Use ReconGraph?
• Installation
  • Prerequisites
  • Installing via Pip (Recommended)
  • Installing from Source
• Usage
  • Command Line Interface
  • Library Usage
  • Running Tests
• Data Formats
  • Forensic Log Timeline
  • Sigma Rules
  • Supported Log Types
• API Reference
  • ReconGraph
  • Component Classes
• Licenses
  • ReconGraph License
  • Sigma Rules License
• Changelog
  • v0.0.1

Indices and tables

• Index

• Module Index

• Search Page