EVTX login session parser
I recently cobbled together a PowerShell script that extracts and correlates login/logout events from the Windows Security event log to identify user sessions. Read all about it - and try it out for yourself - in my overview blog post.