
EIDVault

Active

An iOS app built for digital forensic analysts and incident responders. It catalogs Windows Event IDs (EIDs) across a wide range of EVTX log channels, each enriched with MITRE ATT&CK mapping, detection rules (Sigma, KQL, Splunk) and additional investigation context. The app also includes a Scenarios tab, powered by on-device Apple Foundation Models, that suggests relevant EIDs for a scenario the user describes; inference runs on the device rather than on a remote service.

  • Swift
  • SwiftUI
  • iOS
  • DFIR

BF-ELK

Archived

Configuration, filter, and rule files for ELK Stack deployments, originally published under Burnham Forensics (a prior identity of Zerberos Labs). Includes Logstash pipelines, Sysmon and Winlogbeat configurations, and ElastAlert rules, which were maintained against evolving threats and Elastic Stack releases while the project was active.

  • ELK
  • Logstash
  • Sysmon
  • Winlogbeat
  • DFIR