Welcome!

01001000 01100101 01101100 01101100 01101111 00100001

My name is Zachary Burnham – an Associate Consultant at RSM in their Digital Forensics and Incident Response practice.

As I’ve been developing skills regarding DFIR, Cybersecurity, and SOC, I realized I was amassing a wealth of notes on various subjects, with almost no way of organizing them. Furthermore, I didn’t have a clear way to share this knowledge; to help my peers who may have the same questions I had.

So, here we are.

The purpose of Burnham Forensics is to not only be a place for me to come back to for notes, but for others to peruse who are interested in the topics discussed here. As a sort of “public notebook,” it is my hope that this blog can be utilized to help those in my field and others similar.

Manually upload EVTX log files to ELK with Winlogbeat and PowerShell

November 19, 2019November 19, 2019 by Zachary Burnham, posted in DFIR, ELK

While the ELK cluster is typically used for live monitoring, Winlogbeat can be tweaked to manually send “cold logs,” or old, inactive Windows Event Logs (EVTX) to ELK manually. This functionality allows an analyst to take EVTX files from images of systems collected and utilize the functionality of the ELK stack for their investigations – … Continue reading Manually upload EVTX log files to ELK with Winlogbeat and PowerShell

Using Default Filebeat Index Templates with Logstash

April 10, 2019 by Zachary Burnham, posted in ELK, SOC

In one of my prior posts, Monitoring CentOS Endpoints with Filebeat + ELK, I described the process of installing and configuring the Beats Data Shipper Filebeat on CentOS boxes. This process utilized custom Logstash filters, which require you to manually add these in to your Logstash pipeline and filter all Filebeat logs that way. But … Continue reading Using Default Filebeat Index Templates with Logstash

MooseFS: Build and Installation Guide

April 6, 2019April 6, 2019 by Zachary Burnham, posted in Sysadmin

I recently learned about Distributed File Systems (DFS) and the benefits they could bring to an organization whose needs require redundant and highly available information across their systems. As part of a class project, I had to look into MooseFS, a fault-tolerant, network based DFS that can be mounted to virtual disks on client machines. … Continue reading MooseFS: Build and Installation Guide

Creating a Multi-Node ELK Stack

March 17, 2019April 11, 2019 by Zachary Burnham, posted in ELK, SOC, Threat Hunting

Previously I had written a guide on Creating a Single-Node ELK Stack; covering what to do when you want create and utilize The Elastic Stack (also formally ELK) on a limited capacity, single-node basis. When assisting my roommate in creating an ELK stack of his own, I realized I had not yet described the process … Continue reading Creating a Multi-Node ELK Stack

Recent Posts