John Strand was kind enough to invite me to present on the most excellent Security Weekly show last week.  We talked about how Logstash (and the ELK stack as a whole) can be helpful to make sense of massive log data generally associated with network or disk/memory-based forensic examinations.

I also released the latest update to the SANS FOR572 Logstash VMware appliance.  Learn more about the distribution and download the latest version here.

If you missed the Security Weekly presentation, check out the video or download the slides.