Comments on Windows Incident Response: Perl for Forensics

Anonymous (2005-10-31T09:53:00.000-05:00):

Along with the ProDiscover stuff it would be interesting to see how a database could be generated (i.e., SQLite) that could augment the current open source tools to store information like event logs, mactimes, etc. You could then use Perl to parse this database and report off of it. Writing reports in XML and Excel formats, etc.

H. Carvey (2005-10-25T08:11:00.000-05:00):

> I'd like to see a book about using Perl to fire off dd...

Something this narrow in scope wouldn't require a book...and a book on that subject wouldn't be something publishers would be interested in.

> Also would like to have a collection of scripts that automatically grabs data if possible from an image and puts into a single report. Things like event logs, deleted files, registry, etc.

I've been collecting scripts and bits of code as I've worked with ProDiscover.

The most important question is...what would you want to see? I can't believe that you'd want all of the Event Logs and the entire Registry simply dumped into a report. Can you be more specific about the types of things you'd like to see?

Anonymous (2005-10-25T07:32:00.000-05:00):

Definitely would be interested! I'd like to see a book about using Perl to fire off dd (or dcfldd I think it is) / md5sum scripts for imaging and/or detection of ATA parameters to squeeze out the fastest performance possible.

Also would like to have a collection of scripts that automatically grabs data if possible from an image and puts into a single report. Things like event logs, deleted files, registry, etc.