In this episode, we'll look at Chainsaw, a powerful new tool that can help us parse Windows Event Logs. Chainsaw provides both searching and hunting capabilities. It includes built-in detection rules to find anomalous behavior, and it can load Sigma rules for even more advanced detection.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:26 - Chainsaw Searching
09:27 - Chainsaw Hunting
16:24 - Recap