Re: [Full-Disclosure] write events log to CD?
- To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] write events log to CD?
- From: Harlan Carvey <keydet89@xxxxxxxxx>
- Date: Mon, 30 Aug 2004 03:26:01 -0700 (PDT)
Ali,

> Sending logs to a printer makes the most sense to me. Absolutely
> unhijackable, and a good use for that old 9-pin dotmatrix and 2000
> sheets of traction feed paper you have in the cupboard.
>
> No idea whether it's possible on windows, though.

Why wouldn't this work? Windows is able to print...so
your idea should work.

However, I'm not sure I see a great deal of efficiency
in doing so. Perhaps a better idea would be to get
the Event Log entries off of the system as they are
generated, using a mechanism such as syslog.

Along those lines, if you go to
http://patriot.net/~carvdawg/perl.html, you'll find a
Perl script named wmievt.pl...this script uses WMI to
watch the Event Log for new events. When a new event
is generated, the script "wakes up". This is just a
barebones, proof-of-concept script. I will be
fleshing it out a bit and releasing on the web site
for my book (book: "Windows Forensics and Incident
Recovery", web site: http://www.windows-ir.com).

Hope that helps,
Harlan
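
An added example, not part of the original message and not the wmievt.pl script it mentions: the forwarding half of the idea above, turning one Event Log record into an RFC 3164 syslog datagram for a remote collector. It assumes the record arrives as a dict keyed by the WMI Win32_NTLogEvent property names; the facility/severity mapping, the function names and the sample record are this example's own choices.

```python
import re
import socket
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# Win32_NTLogEvent.EventType -> syslog severity (mapping is this example's choice):
# 1 error->3, 2 warning->4, 3 information->6, 4 audit success->5, 5 audit failure->4
SEVERITY = {1: 3, 2: 4, 3: 6, 4: 5, 5: 4}

def to_syslog(event, max_len=1024):
    """Render one event record as an RFC 3164 datagram (bytes, <= max_len)."""
    # Security log -> facility 4 (security/authorization), everything else -> local0.
    facility = 4 if event["Logfile"] == "Security" else 16
    pri = facility * 8 + SEVERITY.get(event["EventType"], 5)
    # WMI timestamps are CIM datetimes: yyyymmddHHMMSS.mmmmmm+UUU (local time + offset).
    ts = datetime.strptime(event["TimeGenerated"][:14], "%Y%m%d%H%M%S")
    stamp = f"{MONTHS[ts.month - 1]} {ts.day:2d} {ts:%H:%M:%S}"
    # Event text is multi-line and partly attacker-influenced (user names, paths).
    # Collapse control characters so one event can never become two syslog lines.
    raw = event.get("Message") or ""
    text = " ".join("".join(c if c.isprintable() else " " for c in raw).split())
    tag = re.sub(r"[^A-Za-z0-9]", "", event["SourceName"])[:32] or "eventlog"
    line = (f"<{pri}>{stamp} {event['ComputerName']} {tag}: "
            f"EventCode={event['EventCode']} {text}")
    return line.encode("ascii", "replace")[:max_len]

def forward(event, collector):
    """Send the event to a remote collector over UDP; returns the datagram sent."""
    datagram = to_syslog(event)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, collector)
    return datagram

# Constructed sample record (not taken from a real system).
SAMPLE_EVENT = {
    "Logfile": "Security", "EventType": 5, "EventCode": 529,
    "SourceName": "Security", "ComputerName": "WKSTN01",
    "TimeGenerated": "20040830032601.000000-420",
    "Message": "Logon Failure:\r\n\tReason: Unknown user name or bad password"
               "\r\n\tUser Name: bob",
}

if __name__ == "__main__":
    print(to_syslog(SAMPLE_EVENT).decode())
```

Call forward(record, (host, 514)) from whatever watches the Event Log, with host set to your own collector, so each record leaves the machine as soon as it is written.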