PowerShell for Log Analysis and Data Crunching, presented at BSidesUK 2015

by Lewis Ardern, Michelle D'israeli

Summary: You're stuck on a basic Windows estate, you can't pull the data out, there's no SIEM, and you have 20GB of logs you've been tasked to turn into actionable intelligence. PowerShell brings not just built-in tools for querying Windows event logs, but also extremely powerful text-processing tools. This talk gives a quick overview of these features and their notable quirks, allowing you to pull off tricks that are often thought to be possible only in *NIX environments.