Usbrip: a tool for tracking USB devices


Among the daily tasks that system administrators routinely carry out (besides creating and recovering email passwords) is the care and maintenance of equipment.

In general, to avoid a large number of problems, what users can do on the equipment is usually restricted, and further restrictions are applied inside the corporate network. In these routine tasks, many administrators tend to underestimate the staff who use the equipment and apply only simple restrictions.

Few system administrators responsible for Linux computers build the kernel themselves in order to apply restrictions, which most often concern USB ports.

This is where a great tool comes in, one that I found while browsing the net. Its name is Usbrip, which in the words of its creator:

"It is an open source forensics tool with a CLI interface that lets you keep track of USB device artifacts (that is, USB event history) on Linux machines"

USBRip gives you a clearer view by analyzing the Linux logs. It is a small piece of software written in pure Python 3 (it uses some external modules) that parses the Linux log files (/var/log/syslog* and /var/log/messages*, depending on the distribution) to build USB event history tables.

The information it reports includes: connection date and time, user, vendor ID, product ID, manufacturer, serial number, port, and disconnection date and time.

In addition, you can also:

  • Export the collected information as a JSON dump (and open such dumps);
  • Generate a list of authorized (trusted) USB devices as JSON (call it auth.json);
  • Search for "violation events" based on auth.json: show (or generate another JSON with) the USB devices that appear in the history and do not appear in auth.json;
  • When installed with -s, create encrypted storages (7zip archives) to back up and accumulate USB events automatically with the help of crontab. It can also look up additional details about a specific USB device based on its VID and/or PID.
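
The log parsing and the auth.json check described above can be sketched as follows. This is an added example, not usbrip's own code: the log lines are constructed, the function names are hypothetical, and the allowlist is an assumed simplified shape rather than usbrip's actual auth.json layout.

```python
import re

# Constructed sample of kernel USB messages as they appear in /var/log/syslog.
SAMPLE_LOG = """\
Oct 10 09:14:02 ws01 kernel: [ 1234.567] usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Oct 10 09:14:02 ws01 kernel: [ 1234.569] usb 1-1: Product: Cruzer Blade
Oct 10 09:14:02 ws01 kernel: [ 1234.570] usb 1-1: Manufacturer: SanDisk
Oct 10 09:14:02 ws01 kernel: [ 1234.571] usb 1-1: SerialNumber: 4C530001234567890123
Oct 10 10:02:11 ws01 kernel: [ 4123.001] usb 1-1: USB disconnect, device number 5
Oct 12 16:40:55 ws01 kernel: [ 9001.100] usb 2-3: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 2.00
Oct 12 16:40:55 ws01 kernel: [ 9001.102] usb 2-3: SerialNumber: CONSTRUCTED0001
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) \S+ kernel: \[\s*[\d.]+\] usb ([\d.-]+): (.*)$")
FOUND = re.compile(r"New USB device found, idVendor=(\w{4}), idProduct=(\w{4})")
FIELDS = {"Product": "product", "Manufacturer": "manufact", "SerialNumber": "serial"}

def parse_events(text):
    """Build one record per connection, tracked by port until disconnect."""
    events, open_by_port = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, port, msg = m.groups()
        found = FOUND.match(msg)
        if found:
            ev = {"connected": ts, "port": port, "vid": found[1], "pid": found[2],
                  "product": None, "manufact": None, "serial": None, "disconnected": None}
            events.append(ev)
            open_by_port[port] = ev
        elif port in open_by_port:
            ev = open_by_port[port]
            key, _, value = msg.partition(": ")
            if key in FIELDS:
                ev[FIELDS[key]] = value
            elif msg.startswith("USB disconnect"):
                ev["disconnected"] = ts
                del open_by_port[port]
    return events

def violations(events, allowlist):
    """Return events whose (vid, pid) pair is not in the trusted list."""
    trusted = {(d["vid"], d["pid"]) for d in allowlist}
    return [e for e in events if (e["vid"], e["pid"]) not in trusted]

# Assumed allowlist shape; usbrip's real auth.json layout may differ.
TRUSTED = [{"vid": "0781", "pid": "5567"}]
```

Calling `violations(parse_events(SAMPLE_LOG), TRUSTED)` returns only the second device, which is still connected (no disconnect line) and is not in the trusted list.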


How do you install Usbrip on Linux?

Anyone interested in installing this tool needs Python 3 on their system, together with pip (the Python package management system).

To install Usbrip, open a terminal and type the following commands in it:

pip3 install usbrip
pip install terminaltables termcolor
pip install tqdm

Alternatively, you can download the project's source code and run the tool from there. To do this, just type the following in the terminal:

git clone https://github.com/snovvcrash/usbrip.git usbrip

Then enter the directory with:

cd usbrip

And resolve the dependencies with:

python3 -m venv venv && source venv/bin/activate

Using usbrip

Using this tool is fairly straightforward. To view the event history, just run the following command:

usbrip events history

Or

python3 usbrip.py events history

The events will then be displayed. They can also be filtered by dates or by specific fields.

For example:

usbrip events history -e -d "Oct 10" "Oct 11" "Oct 12" "Oct 13" "Oct 14" "Oct 15"

Or

python3 usbrip.py events history -e -d "Oct 10" "Oct 11" "Oct 12" "Oct 13" "Oct 14" "Oct 15"

This displays information about all external USB devices connected to the machine during the period from the 10th to the 15th.

Working with filters: there are 4 types of filtering available: external USB events only (devices that can be easily removed, -e); by date (-d); by fields (--user, --vid, --pid, --product, --manufact, --serial, --port); and by the number of entries returned as output (-n).

To generate a JSON file with the events:

usbrip events gen_auth /ruta/para/el/archivo.json -a vid pid -n 10 -d '2019-10-30'

Or

python3 usbrip.py events gen_auth /ruta/para/el/archivo.json -a vid pid -n 10 -d '2019-10-30'

It will contain information about the first 10 devices connected on October 30, 2019.

If you want to know more about using this tool, you can check the following link.

