Perl Scripting for Windows Security: Live Response, Forensic Analysis, and Monitoring

Parsing Binary Files

Many times when performing forensic analysis of a system, you may need to parse the contents of binary files. This is somewhat different from parsing ASCII text files, such as IIS web server logs or other such files, as in that case you're most often reading in a line of ASCII text at a time and parsing the contents of the line based on some delimiter. From there, you may do some matching or grep() searches. However, with binary files, you're very often going to have to start at an offset within the file (many times that offset is 0, or the beginning of the file), read in a number of bytes, and then parse those bytes based on some organized, defined structure. The issue with this is that many times that structure isn't defined, particularly not by the vendor, which in the case of analyzing files on Windows systems would be Microsoft. This usually forces us to search the Internet looking for resources that define the structures, or at least give us a hint or point us in the right direction to decode the structures ourselves. These can often be in the form of C or Visual Basic code that we then translate to Perl.

Lslnk.pl

Windows shortcut files appear on the desktop as icons. When the user double-clicks the shortcut file, the actual file or application itself, which is not on the desktop, will open. The Windows shortcut file...
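The offset/read/unpack pattern described above, applied to the fixed 76-byte ShellLinkHeader at the start of a Windows shortcut file. This is an added example, not the book's lslnk.pl; the header layout follows Microsoft's published MS-SHLLINK specification, and the sample header bytes are constructed inline with pack() so the script runs without a real .lnk file.

```perl
#!/usr/bin/perl
# Parse the 76-byte ShellLinkHeader of a Windows .lnk file (MS-SHLLINK).
# The sample header below is constructed here, not taken from a real file.
use strict;
use warnings;

# FILETIME (100 ns ticks since 1601-01-01 UTC) -> Unix epoch seconds
sub filetime_to_epoch {
    my ($lo, $hi) = @_;
    my $ticks = $hi * 4294967296 + $lo;
    return int($ticks / 10_000_000) - 11644473600;
}

# Seek to offset 0, read the fixed-size header, unpack it by structure
sub parse_lnk_header {
    my ($fh) = @_;
    seek($fh, 0, 0) or die "seek: $!";
    my $n = read($fh, my $buf, 76);
    die "short read" unless defined $n && $n == 76;
    # V = 32-bit little-endian, a16 = 16 raw bytes, v = 16-bit little-endian
    my ($size, $clsid, $flags, $attrs, $clo, $chi, $alo, $ahi,
        $wlo, $whi, $fsize, $icon, $show, $hotkey)
        = unpack("V a16 V V V V V V V V V V V v", $buf);
    die sprintf("bad header size 0x%x", $size) unless $size == 0x4C;
    my $clsid_hex = unpack("H*", $clsid);   # expect {00021401-...-000000000046}
    die "not a ShellLink CLSID: $clsid_hex"
        unless $clsid_hex eq "0114020000000000c000000000000046";
    return {
        flags => $flags, attrs => $attrs, filesize => $fsize,
        icon => $icon, showcmd => $show, hotkey => $hotkey,
        ctime => filetime_to_epoch($clo, $chi),
        atime => filetime_to_epoch($alo, $ahi),
        mtime => filetime_to_epoch($wlo, $whi),
    };
}

# Constructed sample header (no shell item list or string data follows);
# all three FILETIMEs = 2009-01-01 00:00:00 UTC, target file size 1024 bytes
my $ft = (1230768000 + 11644473600) * 10_000_000;
my ($lo, $hi) = ($ft % 4294967296, int($ft / 4294967296));
my $sample = pack("V a16 V V V V V V V V V V V v a2 a4 a4",
    0x4C, pack("H*", "0114020000000000c000000000000046"),
    0x8B, 0x20, ($lo, $hi) x 3, 1024, 0, 1, 0, "\0" x 2, "\0" x 4, "\0" x 4);
open(my $fh, '<', \$sample) or die "open: $!";
binmode($fh);
my $hdr = parse_lnk_header($fh);
printf("flags=0x%08x attrs=0x%08x size=%d show=%d mtime=%s UTC\n",
    $hdr->{flags}, $hdr->{attrs}, $hdr->{filesize}, $hdr->{showcmd},
    scalar gmtime($hdr->{mtime}));
```

To run it against an actual shortcut, replace the in-memory open with `open(my $fh, '<', $ARGV[0])` and keep the binmode() call so Windows does not translate line endings in the binary data.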
