Log Parser as a Forensic Tool

Explore the potential of Log Parser as a forensic tool in this 40-minute webinar from the OSDFCon series. Discover how this Microsoft tool can be integrated with open-source solutions to create a fast, lightweight system for collecting operating system data, registry information, and log files. Learn techniques for quickly parsing log files and registry data, and see how Log Parser can be combined with tools from The Sleuth Kit to form a comprehensive, open-source incident response toolkit. Gain insights from Robert Kardell, a former FBI agent with extensive experience in computer crimes and forensics, as he shares his expertise on using Log Parser for forensic investigations. Delve into topics such as command-line tools, SQL queries, file system queries, Log Parser Studio, and batch file analysis. Understand the tool's limitations and explore practical examples, including network list analysis and registry key examination.

Introduction
Roberts Background
Computer forensics
State data breach notification statutes
Resources
Command Line Tool
SQL Query
File System Query
Log Parser Studio
Log Parser Library
LogParser Studio
Query Last Right Time
VB Data Wrapper
Search for Events
Registry
Batch File Analysis
Limitations
Network List Example
Network List Error
Empty Registry Key
Questions