Forensic tools: RegLookup and GrokEVT
RegLookup is a small command-line utility for reading and querying Windows NT/2K/XP registries.
GrokEVT is a collection of scripts built for reading Windows NT (and later) event log files.
http://projects.sentinelchicken.org/reglookup/
http://projects.sentinelchicken.org/grokevt/