Process Tree and Timeline (ptt)

Explore your Windows Security Event Logs in style with Process Tree and Timeline.
PTT arranges events in chronological order and creates a tree view of processes and the events they emitted,
making it easy to trace process activity during forensic analysis.

Additionally, the Timeline view generates a histogram of the events, allowing you to easily see where and when activity on the computer was concentrated.

Compatible with the following event log formats:

View event spawning and emitted event information

View a chronological histogram of event activity

View an event-id histogram showing relative event counts

Drill down arbitrarily deep - here we see the Event IDs emitted at 5:00pm, 8/17/17

Filter on special cases, such as:

  • Phantom Events
  • Shell processes like Bash or PowerShell
  • Specific Event IDs

Filter on custom text searches - also note that matching text is highlighted in the Raw View.


Find it on the Microsoft Store
For side-loading solutions that bypass the Microsoft Store, please contact