Converted the Security event log to XML and then searched the XML file

Original writeup (http://ctfsolutions.blogspot.com/2018/02/tamu-ctf-2018-scenario-badbob.html).