LogParser EVTX Adventures

I've been doing IR for a long time and I can't believe I have only now discovered the power of LogParser. Perhaps I was too spoiled by Splunk to actually be forced to learn this awesome tool. But now that I have gotten familiar with it, I see why it is so beloved. It's powerful …

Using Mac OSXCollector with Splunk

I admit, the first time I had the opportunity to switch my work PC to a Mac, I jumped at it. However, I quickly regretted it. I was in a management job that was largely a race against the clock to handle emails, create PowerPoints and massage spreadsheets. The learning curve wasn't fitting into my …