These days, while sitting idle, I thought I would look into the SPSE course's exercises and present my customized solution to one of the problems.
Problem:
It is all about the following:
"Read /var/log/messages - find all the logs in it which pertain to USB and print them out selectively"
In general, the exercise wants us to write Python code that just reads the file present on a Linux machine and prints out the lines containing "USB".
So, to add a twist, I thought: why not make it a forensic challenge and print out all USB entries, no matter whether our program runs on "Windows" or "Linux"?
So here I go with my solution:
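```python
import os
import sys


def identify_os():
    if os.name == "nt":
        # winreg only exists on Windows, so import it inside this branch.
        import winreg

        # print("*** Reading usb logs history ***")
        # USBSTOR holds one subkey per USB storage device model that has
        # been attached to the machine.
        reg = winreg.ConnectRegistry(None, winreg.HKEY_LOCAL_MACHINE)
        key = winreg.OpenKey(reg, r"SYSTEM\CurrentControlSet\Enum\USBSTOR")
        for i in range(1024):
            try:
                print(winreg.EnumKey(key, i))
            except EnvironmentError:
                # EnumKey raises once the index passes the last subkey.
                break
    elif sys.platform.startswith("linux"):
        # os.name is "posix" on Linux, so check sys.platform instead.
        with open("/var/log/messages") as fh:
            for line in fh:
                # The kernel logs both "usb" and "USB"; match either.
                if "usb" in line.lower():
                    print("line of usb", line, end="")


if __name__ == "__main__":
    identify_os()
```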
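Taking the Linux side one step further, as an added example that is not part of the original post: rather than printing every matching line, this groups the kernel's USB messages into one record per plug-in session (vendor/product ID, serial number, connect and disconnect time). The log lines are constructed, and the function name `usb_sessions` is hypothetical.

```python
import re

# Constructed sample in the usual syslog/kernel format (not from a real host).
SAMPLE_LOG = """\
Mar  3 10:15:01 lab kernel: [ 1234.56] usb 1-2: new high-speed USB device number 5 using xhci_hcd
Mar  3 10:15:01 lab kernel: [ 1234.70] usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Mar  3 10:15:01 lab kernel: [ 1234.71] usb 1-2: Product: Cruzer Blade
Mar  3 10:15:01 lab kernel: [ 1234.72] usb 1-2: Manufacturer: SanDisk
Mar  3 10:15:01 lab kernel: [ 1234.73] usb 1-2: SerialNumber: 0000CONSTRUCTED0001
Mar  3 10:15:02 lab sshd[811]: Accepted publickey for analyst from 192.0.2.10
Mar  3 10:42:17 lab kernel: [ 2870.10] usb 1-2: USB disconnect, device number 5
"""

# Timestamp, host, optional "[uptime]" stamp, then "usb <bus-port>: <message>".
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel:(?: \[[^\]]*\])?"
    r" usb (?P<port>[\d.-]+): (?P<msg>.*)$")
IDS = re.compile(r"idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
FIELD = re.compile(r"^(Product|Manufacturer|SerialNumber): (.*)$")


def usb_sessions(lines):
    """Group kernel USB messages into one record per plug-in session."""
    open_by_port, sessions = {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a kernel USB device message
        ts, port, msg = m.group("ts", "port", "msg")
        if re.match(r"new .+ USB device number", msg):
            rec = {"port": port, "connected": ts, "disconnected": None}
            open_by_port[port] = rec
            sessions.append(rec)
            continue
        rec = open_by_port.get(port)
        if rec is None:
            continue  # device was attached before this log starts
        ids, field = IDS.search(msg), FIELD.match(msg)
        if ids:
            rec["vendor_id"], rec["product_id"] = ids.groups()
        elif field:
            rec[field.group(1).lower()] = field.group(2).strip()
        elif msg.startswith("USB disconnect"):
            rec["disconnected"] = ts
            del open_by_port[port]
    return sessions

if __name__ == "__main__":
    print(*usb_sessions(SAMPLE_LOG.splitlines()), sep="\n")
```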