Some excellent articles:
https://isc2.sans.org/diary.html?storyid=1917
http://isc.sans.org/diary.html?storyid=2268
Or just override the write and eval functions with custom functions, prepend them to the script, and run the result through SpiderMonkey.
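The override approach described above, as an added example that is not from the original post or the linked articles. It assumes Node.js in place of the SpiderMonkey shell, goes one step further by following nested layers automatically, and uses hypothetical names (`analyze`, `SAMPLE`, `pctEncode`) with a constructed, harmless sample:

```javascript
// Added example. new Function() is not a sandbox: run samples only in a
// disposable analysis VM, as with any live script.

// Constructed, harmless two-layer sample: eval(unescape(...)) wrapping a
// document.write(unescape(...)) call, built here so nothing is hand-encoded.
const pctEncode = (s) =>
  [...s].map((c) => '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
const MARKER = '<b>constructed marker</b>';
const LAYER1 = 'document.write(unescape("' + pctEncode(MARKER) + '"))';
const SAMPLE = 'eval(unescape("' + pctEncode(LAYER1) + '"))';

// Run `source` with eval and document replaced by recording stubs and
// return every string the script tried to evaluate or write, in order.
function analyze(source, maxDepth = 10) {
  const captured = [];
  const run = (code, depth) => {
    const record = (sink, text) => captured.push({ sink, depth, text });
    const fakeDocument = {
      write: (...args) => record('document.write', args.join('')),
      writeln: (...args) => record('document.write', args.join('') + '\n'),
    };
    const fakeEval = (arg) => {
      if (typeof arg !== 'string') return arg; // real eval passes non-strings through
      record('eval', arg);
      if (depth < maxDepth) run(arg, depth + 1); // peel the next layer with the same stubs
      return undefined;
    };
    try {
      // The parameter names shadow the real eval and document inside the sample.
      new Function('document', 'eval', code)(fakeDocument, fakeEval);
    } catch (err) {
      // Missing browser objects (window, navigator, ...) surface here.
      record('error', String(err));
    }
  };
  run(source, 0);
  return captured;
}

for (const { sink, depth, text } of analyze(SAMPLE)) {
  console.log(`[layer ${depth}] ${sink}: ${text}`);
}
```

An `error` entry usually names the next browser object the script expects, which is the next thing to stub.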
Wednesday, February 21, 2007
Wednesday, February 14, 2007
Finding Files and Counting Lines at the Windows Command Prompt
An article about some Windows basics that are rather important in the forensics world.
http://isc.sans.org/diary.html?storyid=2244
Thursday, February 8, 2007
Perl Scripting to Decode Encoded or Escaped Pages
Basic form
> cat file.htm | perl -pe 's///ge'
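Now fill in the search pattern and the substitution expression between the slashes. The /e flag evaluates the replacement as Perl code and /g applies it to every match. Final form, matching only a % followed by two hex digits so that a stray % in the text is left alone:
> echo "test1%202%203%20" | perl -pe 's/%([0-9A-Fa-f]{2})/chr(hex($1))/ge'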
test1 2 3
Monday, February 5, 2007
Thursday, February 1, 2007
Searching for a File of a Given Date in DOS
Important in Windows forensics work. Care of Mike S.
The date to check is xx/xx/xxxx. The command to do the search would be something along these lines:
dir c:\*.* /a /t:c /s | find "xx/xx/xxxx" > results.txt