Because approximately 75% of desktop computers run Windows, it remains the main operating system that attackers target, and hence the main OS on which incident responders have to work out how the computer was compromised, what the attackers did, what other systems were compromised, and so on. Unfortunately, the default log settings are completely inadequate and do not provide enough detail for investigators. Furthermore, even when proper logging is enabled, analysts face various challenges: Windows logs are mostly noise, logs are spread across hundreds of files, fields are not normalized, messages are often cryptic, etc. This has traditionally made log analysis a very tedious and unpleasant task.

Zach Mathis, the project leader for the Yamato Security tools, will explain how to properly configure your logs in a practical manner and how to perform easy and scalable analysis with Hayabusa and Takajo, two free open-source tools. Hayabusa is a fast forensics timeline generator and threat hunting tool utilizing over 4000 open-source Sigma detection rules. It is currently the only free and open-source tool that fully supports the Sigma specification, letting your analysts detect the most complex attacks with the highest precision and customization. Takajo will further automate the most common analysis tasks as well as provide a dynamic web report to quickly triage alerts and compromised computers.