SANS Digital Forensics and Incident Response Blog: Daily Archives: Feb 10, 2011

Computer Forensics How-To: Microsoft Log Parser

As any incident responder will agree, you can never have too many logs. That is, of course, until you have to analyze them! I was recently on an engagement where our team had to review hundreds of gigabytes of logs looking for evidence of hacking activity. I was quickly reminded of how much I love … Continue reading Computer Forensics How-To: Microsoft Log Parser