So in this blog post I am going to start a series of posts dealing with installing the Elasticsearch stack and then using Winlogbeat to forward Windows event logs and Filebeat to forward bro logs and then finally we will build out some cool visualizations and dashboards. I will be installing the Elasticsearch stack on … Continue reading Elasticsearch Stack Install Part 1 Elasticsearch
Using PowerShell and Python to Analyze Amcache
I wanted to write this post on using PowerShell and Python, specifically PowerForensics and the pandas library to remotely copy the Amcache.hve file from multiple computers and then use amcacheparser.exe to parse all the amcache files and then load them all up into a pandas DataFrame for analysis. What you will need to accomplish this, … Continue reading Using PowerShell and Python to Analyze Amcache
