London, UK -  Cyber security professional with a particular interest in incident response and forensics, event logging, SOC, and SIEM management. SANS Cyber Retraining Academy graduate and ex-journalist


  • Cyber security and tech
  • Coding (Python, C#)
  • Reading and writing
  • Running and exercise
  • Playing guitar
  • Gaming (mainly PC)
  • Formula 1 and football

Currently thinking about

EVTX login session parser
I recently cobbled together a PowerShell script that extracts and correlates login/logout events from the Windows Security event log to identify user sessions. Read all about it - and try it out for yourself - in my overview blog post.

Recent blog posts

2023: Thoughts on new challenges and sharing experiences
Investigating Explorer's temporary ZIP folders and retrieving files
Parsing login sessions from the Windows event log with PowerShell
Using Tkinter to build simple GUIs for Python apps
Linux .bash_history: Basics, behaviours, and forensics
SANS Holiday Hack Challenge 2021: Slot machine walkthrough
SANS Holiday Hack Challenge 2021: Yara rule analysis walkthrough
Backutil development: Implementing multiprocessing in Python
Installing Splunk Free in a virtual machine for log analysis
File carving: Recovering a deleted file from a Windows disk image