Welcome!

01001000 01100101 01101100 01101100 01101111 00100001

My name is Zachary Burnham – an Associate Consultant at RSM in their Digital Forensics and Incident Response practice.

As I’ve been developing skills regarding DFIR, Cybersecurity, and SOC, I realized I was amassing a wealth of notes on various subjects, with almost no way of organizing them. Furthermore, I didn’t have a clear way to share this knowledge; to help my peers who may have the same questions I had.

So, here we are.

The purpose of Burnham Forensics is to not only be a place for me to come back to for notes, but for others to peruse who are interested in the topics discussed here. As a sort of “public notebook,” it is my hope that this blog can be utilized to help those in my field and others similar.

Using Default Filebeat Index Templates with Logstash

April 10, 2019 by Zachary Burnham, posted in ELK, SOC

In one of my prior posts, Monitoring CentOS Endpoints with Filebeat + ELK, I described the process of installing and configuring the Beats Data Shipper Filebeat on CentOS boxes. This process utilized custom Logstash filters, which require you to manually add these in to your Logstash pipeline and filter all Filebeat logs that way. But … Continue reading Using Default Filebeat Index Templates with Logstash

MooseFS: Build and Installation Guide

April 6, 2019April 6, 2019 by Zachary Burnham, posted in Sysadmin

I recently learned about Distributed File Systems (DFS) and the benefits they could bring to an organization whose needs require redundant and highly available information across their systems. As part of a class project, I had to look into MooseFS, a fault-tolerant, network based DFS that can be mounted to virtual disks on client machines. … Continue reading MooseFS: Build and Installation Guide

Creating a Multi-Node ELK Stack

March 17, 2019April 11, 2019 by Zachary Burnham, posted in ELK, SOC, Threat Hunting

Previously I had written a guide on Creating a Single-Node ELK Stack; covering what to do when you want create and utilize The Elastic Stack (also formally ELK) on a limited capacity, single-node basis. When assisting my roommate in creating an ELK stack of his own, I realized I had not yet described the process … Continue reading Creating a Multi-Node ELK Stack

Monitoring CentOS Endpoints with Filebeat + ELK

March 12, 2019 by Zachary Burnham, posted in ELK, SOC

In some of my previous posts regarding ELK, we have touched upon numerous ways of sending data from Windows endpoints – however not from much else. In the real world, thankfully, not everything runs off Microsoft’s Operating System. Not to hit Microsoft in any way, but for anyone who has experienced systems administration in regards … Continue reading Monitoring CentOS Endpoints with Filebeat + ELK

Recent Posts