Forensic use of Logparser 2.2

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Stamitz 16 years ago

1 Posts

1 Users

0 Reactions

295 Views

RSS

Stamitz

(@stamitz)

Posts: 34

Eminent Member

Topic starter

I've fallen in love (again)
her name Logparser 2.2

http//www.iis.net/default.aspx?tabid=2&subtabid=29#LogParser

Now, I'm making a list with sql commands which can be used to parse and carve within forensic images. I wonder if anybody else uses logparser 2.2 for their daily work. If so, please let me know your script / command etc. I'm not looking for scripts and methods to parse serverlogs etc., just handy commands to use for our daily work, like

Parsing eventlogs

logparser "SELECT * INTO c\syseventlist.csv FROM c\backup\SysEvent.Evt ORDER BY TimeGenerated DESC" -iEVT

logparser "SELECT * INTO c\Events7035.csv FROM c\backup\SysEvent.Evt WHERE EventID='7035'" -iEVT

logparser "SELECT * FROM c\backup\*.Evt WHERE Message like '%truecrypt%'"

etc.

Parsing chatlogs

logparser "SELECT * INTO chatlogs-20070901.csv FROM c\backup\*.xml WHERE Date2 like '%01-09-2009%'"

etc.

Please let me know yours so I can add them to my list

Stamitz

Posted : 09/01/2008 6:12 pm

8 Forums
15.5 K Topics
92 K Posts
14 Online
40.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed