Skip to content
This repository has been archived by the owner on Jun 10, 2024. It is now read-only.

Update ShimCacheParser.py #16

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Update ShimCacheParser.py #16

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
bcd3d0e
Update ShimCacheParser.py
jokim0x01 May 24, 2017
90d2849
Update ShimCacheParser.py
jokim0x01 May 24, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 3 additions & 5 deletions ShimCacheParser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -811,7 +811,7 @@ def read_zip(zip_name):
tmp_list = []
final_list = []
out_list = []
hostname = ""
hostname = "N/A"

try:
# Open the zip archive.
Expand All @@ -822,7 +822,7 @@ def read_zip(zip_name):
print "[+] Processing %d registry acquisitions..." % len(zip_contents)
for item in zip_contents:
try:
if '_w32registry.xml' not in item:
if 'w32registry' not in item:
continue
filename = item.split('/')
if len(filename) > 0:
Expand Down Expand Up @@ -853,8 +853,7 @@ def read_zip(zip_name):
print "[-] Error opening file: %s in MIR archive: %s" % (item, err)
continue
# Add the final header.
final_list.insert(0, ("Hostname", "Last Modified", "Last Update",
"Path", "File Size", "File Executed", "Key Path"))
final_list.insert(0, ("Hostname", "Last Modified", "Last Update", "Path", "File Size", "Exec Flag"))
return final_list

except (IOError, zipfile.BadZipfile, struct.error), err:
Expand Down Expand Up @@ -969,4 +968,3 @@ def main(argv=[]):

if __name__ == '__main__':
main(sys.argv)