Welcome!

01001000 01100101 01101100 01101100 01101111 00100001

This is the personal blog of Zachary Burnham – a digital forensics and incident response (“DFIR”) consultant working against the ever-changing landscape of cybercrime.

As Zach was developing skills regarding DFIR, cybersecurity, and SOC at college, he realized he needed a better way to organize his notes on the wealth of subjects he was being exposed to. Furthermore, he didn’t have a clear way to share this knowledge, or a way to help his peers who may have had some of the same questions he had.

The purpose of Burnham Forensics is to solve that problem – to not only be a place for him to come back to for notes, but for others to peruse who are interested in the same topics discussed here. As a sort of “public notebook,” he is hopeful that this blog can be utilized to help those in his field and others similar.

Recent Posts

Manually upload EVTX log files to ELK with Winlogbeat and PowerShell

While the ELK cluster is typically used for live monitoring, Winlogbeat can be tweaked to manually send “cold logs,” or old, inactive Windows Event Logs (EVTX), to ELK. This functionality allows an analyst to take EVTX files from collected system images and utilize the ELK stack for their investigations – …

Using Default Filebeat Index Templates with Logstash

In one of my prior posts, Monitoring CentOS Endpoints with Filebeat + ELK, I described the process of installing and configuring the Beats data shipper Filebeat on CentOS boxes. This process utilized custom Logstash filters, which require you to manually add these into your Logstash pipeline and filter all Filebeat logs that way. But …

MooseFS: Build and Installation Guide

I recently learned about Distributed File Systems (DFS) and the benefits they could bring to an organization whose needs require redundant and highly available information across their systems. As part of a class project, I had to look into MooseFS, a fault-tolerant, network-based DFS that can be mounted as virtual disks on client machines. …
