Manually upload EVTX log files to ELK with Winlogbeat and PowerShell
While the ELK cluster is typically used for live monitoring, Winlogbeat can be tweaked to manually send "cold logs," that is, old, inactive Windows Event Log (EVTX) files, to ELK. This functionality allows an analyst to take EVTX files from collected system images and use the ELK stack for their investigations …
PandoraFMS: Build and Installation Guide
As I conclude my senior year in college, one of the final cyber courses I'm taking began to touch upon the importance of Network Management Systems. These systems can be of importance for both Cybersecurity and Digital Forensic professionals, allowing the user to monitor a network with logs/alerts previously configured by an organization's IT department …