As any incident responder will agree, you can never have too many logs. That is, of course, until you have to analyze them! I was recently on an engagement where our team had to review hundreds of gigabytes of logs looking for evidence of hacking activity. I was quickly reminded of how much I love Microsoft Log Parser. Log Parser is often misunderstood and underestimated. It could possibly be the best forensic analysis tool ever devised. Imagine having the ability to take almost any chunk of data and quickly search it using SQL-based grammar. That's Log Parser in a nutshell. It is a lightweight SQL-based search engine that operates on a staggering number of different input types (see Figure 1). Yes, I know that tools like Splunk and Sawmill are built around this same idea, but keep in mind that Log Parser was written in the year 2000. I am constantly amazed at the power it affords the forensic analyst, and you can't beat the price (free). Save perhaps memory analysis, there isn't much it can't accomplish for an incident responder.
Read more: Greg's Cool [Insert Clever Name] of the Day
Read more: Computer Forensics How-To: Microsoft Log Parser
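To make the "SQL over any log" idea concrete, here is an added example (not code from the post or from Log Parser itself) that does the same thing in miniature: it reads an IIS W3C extended log, builds a table from its `#Fields:` directive, and runs a Log Parser-style query that surfaces clients generating an unusual number of 404s, a common first signal of web probing. The log lines are constructed for the example.

```python
import sqlite3

# Constructed sample of an IIS W3C extended log (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2013-04-01 10:00:01 10.0.0.5 GET /index.htm 200
2013-04-01 10:00:02 10.0.0.5 GET /login.aspx 200
2013-04-01 10:00:05 192.0.2.44 GET /admin/config.bak 404
2013-04-01 10:00:06 192.0.2.44 GET /admin/web.config 404
2013-04-01 10:00:07 192.0.2.44 GET /_vti_bin/ 404
2013-04-01 10:00:09 10.0.0.7 POST /login.aspx 302
2013-04-01 10:00:10 10.0.0.7 GET /missing.gif 404
"""

def load_w3c(conn, text, table="iislog"):
    """Create `table` from the #Fields: directive and load the data rows."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            # W3C names use '-' and '()' which are awkward in SQL; normalise to '_'.
            fields = [f.replace("-", "_").replace("(", "_").rstrip(")")
                      for f in line.split()[1:]]
        elif line.startswith("#") or not line.strip():
            continue                        # other directives and blank lines
        elif fields is None:
            raise ValueError("data row before #Fields directive")
        else:
            values = line.split()
            if len(values) == len(fields):  # drop truncated or malformed rows
                rows.append(values)
    if fields is None:
        raise ValueError("no #Fields directive found")
    conn.execute(f"CREATE TABLE {table} ({', '.join(f + ' TEXT' for f in fields)})")
    conn.executemany(f"INSERT INTO {table} VALUES ({','.join('?' * len(fields))})", rows)
    return len(rows)

def noisy_404_clients(conn, min_hits=2):
    """Log Parser-style query: clients producing many 404s (probe/scanner indicator)."""
    sql = ("SELECT c_ip, COUNT(*) AS hits FROM iislog WHERE sc_status = '404' "
           "GROUP BY c_ip HAVING COUNT(*) >= ? ORDER BY hits DESC")
    return conn.execute(sql, (min_hits,)).fetchall()

def build_db(text=SAMPLE_LOG):
    """Load the log into an in-memory SQLite database and return the connection."""
    conn = sqlite3.connect(":memory:")
    load_w3c(conn, text)
    return conn

if __name__ == "__main__":
    for ip, hits in noisy_404_clients(build_db()):
        print(f"{ip}\t{hits} x 404")
```

Point the loader at a real `ex*.log` file and the same query works unchanged; Log Parser's `-i:IISW3C` input format does exactly this field discovery for you.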