SANS just published an interesting paper on using Excel for incident investigations.
A good read for incident responders to learn how to use Microsoft Excel and some of its more advanced features during an intrusion if a SIEM or similar product is not available (who doesn’t have them these days!?)
This guide will contain up to three methods for each example presented. First, the paper will show some of the things you can do with Excel by just using the toolbar commands. Second, if available, an Excel Function will be created to show how it can be slightly automated. Third, to enhance the Excel Function process even further, Visual Basic for Applications (VBA) code will be provided. Knowing alternate ways of manipulating different types of data will allow you to incorporate the results into the standard output described below.