“Forensic Log Parsing with Microsoft’s LogParser”

Just stumbled upon: Forensic Log Parsing with Microsoft’s LogParser. Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®.

Investigating a web-based intrusion can be a daunting task, especially when you have no information other than knowing it was web-based. It is easy to waste precious time digging through megabytes, perhaps even gigabytes, of log files trying to locate suspicious activity. Often this search turns up little useful evidence.

SANS also has a post about Log Parser: Computer Forensics How-To: Microsoft Log Parser.

Download Log Parser 2.2 from Microsoft.
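To show the kind of query the linked article is about, here is an added example (not from the original post or the referenced articles): a Log Parser query against IIS W3C logs that surfaces the clients producing the most error responses per hour, which is a common first cut when narrowing a web-based intrusion down from gigabytes of logs. The log directory, output file name and the 400-status threshold are assumptions; adjust them to your environment.

```sql
-- Added example, not part of the original post.
-- Run from a command prompt on the IIS host (or a copy of its logs):
--   LogParser.exe -i:IISW3C -o:CSV "file:error_clients.sql"
-- The log path below is an assumed placeholder for a single site's W3C logs.
SELECT TOP 25
    QUANTIZE(TO_TIMESTAMP(date, time), 3600) AS Hour,   -- bucket requests per hour
    c-ip AS ClientIP,
    COUNT(*) AS ErrorResponses,                          -- 4xx/5xx responses in that hour
    COUNT(DISTINCT cs-uri-stem) AS DistinctPaths         -- breadth of paths probed
FROM C:\inetpub\logs\LogFiles\W3SVC1\*.log
WHERE sc-status >= 400                                   -- assumed threshold: errors only
GROUP BY Hour, ClientIP
ORDER BY ErrorResponses DESC
```

A client that generates hundreds of 404s across many distinct paths in one hour looks very different from a legitimate visitor hitting one broken link, so sorting on ErrorResponses with DistinctPaths beside it gives you a short list of IPs to pull the full request timeline for. Because Log Parser reads the log files directly, the query can be run against a forensic copy of the log directory without touching the production server.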


Did this post help you solve a problem? Or did you find it interesting? Support Sysadmins of the North with a direct donation via PayPal or by bank wire transfer, IBAN: NL31 ABNA 0432217258 (Jan Reilink). Just $5 or €5 is more than enough, thanks!
