Thought I’d pass this along. Great talk and the tool is super useful
http://www.irongeek.com/i.php?page=videos/grrcon2017/gig14-hidden-treasure-detecting-intrusions-with-etw-zac-brown