Investigating a web-based intrusion can be a daunting task, especially when you have no information other than knowing it was web-based. It is easy to waste precious time digging through megabytes, perhaps even gigabytes, of log files trying to locate suspicious activity. Often this search turns up little useful evidence.
And also SANS runs a post about Log Parser: Computer Forensics How-To: Microsoft Log Parser.
Download Log Parser 2.2 from Microsoft.
Source: Forensic Log Parsing with Microsoft's LogParser