Field notes from DFIR.

I’m Zach, a forensic analyst working in the world of DFIR and cybersecurity. This blog is where I share research, security tooling, home lab builds, postmortems, and quick triage of industry news that catches my eye.

Some posts are polished, while others are rough notes from a problem I spent too long solving, a tool I built, or an investigation that taught me something worth writing down. Notes for myself, shared in case they help someone else.

{
  "event": "blog_established",
  "ts": "2026-04-19T00:00:00Z",
  "uptime_days": 56,
  "user": "zburnham",
  "host": "labs.zerberos.io",
  "entries": 7,
  "tags": ["dfir", "tooling", "coffee"]
}

Featured Project

View all →

EIDVault

Live

An iOS app built for digital forensic analysts, incident responders, and Windows sysadmins working with Windows Event Logs (EVTX). It covers Windows Event IDs (EIDs) across a plethora of EVTX log channels, enriched with MITRE ATT&CK® mapping, detection rules (Sigma, KQL, Splunk) and additional investigation context. The app includes an on-device AI tab, Scenarios, powered by on-device Apple Foundation Models, that presents the user with relevant EIDs based on a provided prompt or attack scenario.

Field notes from DFIR.

Recent Entries

Agentjacking: the attack where nothing is unauthorized

iOS 27 gives Siri write access to your passwords - should it?

Home Lab Snapshot: May 2026

Featured Project

EIDVault