Scenario

You have been presented with the opportunity to work as a junior DFIR consultant for a big consultancy. However, they have provided a technical assessment for you to complete. The consultancy Forela-Security would like to gauge your Windows Event Log Analysis knowledge. We believe the Cyberjunkie user logged in to his computer and may have taken malicious actions. Please analyze the given event logs and report back.

https://app.hackthebox.com/sherlocks/LogJammer


We unzip the archive and see that we have these logs:

I will be using Splunk and will show you how you can use it as well, so of course you first have to download it from this link: https://www.splunk.com/en_us/download.html

Now open it and click on Monitor.

Then click Files & Directories.

Then choose the path of the logs.

Name the index (this is optional).

And that's it.

But for me, my trial license is over, so I can change it to the free trial in settings, right? Nooooo, it didn't work. I had to do it manually, so I will tell you how as well.