As a continuation of the “Introduction to Windows Forensics” series, this video introduces Log Parser. This powerful tool from Microsoft allows forensic examiners to query text-based data such as log files, CSV files, XML files, and numerous other data sources including Active Directory and the Registry. In this video, Richard Davis will show you how Log Parser can allow forensic examiners to query numerous Windows EVTX event logs using SQL syntax:
-
XFS (Part 1) – The Superblock
Hal Pomeranz has started a series of blog posts about forensic analysis of XFS file system… -
Cybercrime and Digital Forensics
A new book by Jason Wayne, “Cybercrime and Digital Forensics”, has been releas… -
Docker Explorer – a Tool to Help Forensicate Offline Docker Acquisitions
This project helps a forensics analyst explore offline Docker filesystems. Docker uses lay…
Load More Related Articles
-
Windows Process Genealogy
As an incident responder, one of the things you need to be able to quickly do when looking… -
Introduction to USB Detective
This video is the next episode of “Introduction to Windows Forensics” series b… -
Forensic Lunch with Maxim Suhanov
This time the “Forensic Lunch” with David Cowen meets Maxim Suhanov – di…
Load More In Videos
