Home Lab Snapshot: May 2026
I'm Zach, a forensic analyst working in the world of DFIR and cybersecurity. This blog is home to research, security tooling, home lab builds, and postmortems from when things go sideways.
Some posts are polished, while others are rough notes from a problem I spent too long solving, a tool I built, or an investigation that taught me something worth writing down. Notes for myself, shared in case they help someone else.
An iOS app built for digital forensic analysts, incident responders, and Windows sysadmins working with Windows Event Logs (EVTX). It covers Windows Event IDs (EIDs) across a plethora of EVTX log channels, enriched with MITRE ATT&CK® mapping, detection rules (Sigma, KQL, Splunk), and additional investigation context. The app includes an AI tab, Scenarios, powered by on-device Apple Foundation Models, that presents the user with relevant EIDs based on a provided prompt or attack scenario.