From 42bebcefb2e0af48321aba47ab08322227b90d12 Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Mon, 18 Jun 2018 08:34:24 +0000
Subject: [PATCH] Tools: Digital Forensics and Incident Response:
 williballenthin/process-forest

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index d278100..b80259d 100644
--- a/README.md
+++ b/README.md
@@ -1097,6 +1097,10 @@ _return-to-libc techniques_
         <td><a href="https://github.com/williballenthin/EVTXtract">williballenthin/EVTXtract</a></td>
         <td>EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/williballenthin/process-forest">williballenthin/process-forest</a></td>
+        <td>process-forest is a tool that processes Microsoft Windows EVTX event logs that contain process accounting events and reconstructs the historical process heirarchies.</td>
+    </tr>
 </table>
 
 ### Exploits