01001000 01100101 01101100 01101100 01101111 00100001

This is the personal blog of Zachary Burnham – a digital forensics and incident response (“DFIR”) consultant working against the ever-changing landscape of cybercrime.

As Zach was developing skills regarding DFIR, cybersecurity, and SOC at college, he realized he needed a better way to organize his notes on the wealth of subjects he was being exposed to. Furthermore, he didn’t have a clear way to share this knowledge, or a way to help his peers who may have had some of the same questions he had.

The purpose of Burnham Forensics is to solve that problem – to not only be a place for him to come back to for notes, but for others to peruse who are interested in the same topics discussed here. As a sort of “public notebook,” he is hopeful that this blog can be utilized to help those in his field and others similar.

Recent Posts

Manually upload EVTX log files to ELK with Winlogbeat and PowerShell

While the ELK cluster is typically used for live monitoring, Winlogbeat can be tweaked to manually send “cold logs,” or old, inactive Windows Event Logs (EVTX) to ELK manually. This functionality allows an analyst to take EVTX files from images of systems collected and utilize the functionality of the ELK stack for their investigations – … Continue reading Manually upload EVTX log files to ELK with Winlogbeat and PowerShell

Using Default Filebeat Index Templates with Logstash

In one of my prior posts, Monitoring CentOS Endpoints with Filebeat + ELK, I described the process of installing and configuring the Beats Data Shipper Filebeat on CentOS boxes. This process utilized custom Logstash filters, which require you to manually add these in to your Logstash pipeline and filter all Filebeat logs that way. But … Continue reading Using Default Filebeat Index Templates with Logstash

MooseFS: Build and Installation Guide

I recently learned about Distributed File Systems (DFS) and the benefits they could bring to an organization whose needs require redundant and highly available information across their systems. As part of a class project, I had to look into MooseFS, a fault-tolerant, network based DFS that can be mounted to virtual disks on client machines. … Continue reading MooseFS: Build and Installation Guide

More Posts