<p>Hal Pomeranz</p><p>Coty Tuggle put together this cool lightweight incident tracking framework (adapted from earlier work by CrowdStrike). If you're dealing with Windows event logs in your investigation, this looks like a great resource for individual analysts to organize their investigations and produce incident timelines in a reproducible manner. Coty's example does it with Splunk, but it should be easy to adapt his framework to your preferred log analysis platform.</p><p><a href="https://medium.com/@ctugglev/you-can-run-but-my-tracker-is-faster-38f9bacaf324" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://medium.com/@ctugglev/you-can-run-but-my-tracker-is-faster-38f9bacaf324</a></p><p><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> <a href="https://infosec.exchange/tags/EventLogs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EventLogs</span></a></p>