When you are a system administrator, the daily tasks you are used to performing (beyond creating and recovering email passwords) usually include the care and management of the machines.
In that work, to avoid many problems, the machines are usually limited in what applications can be installed, and certain restrictions are also applied within the company network. In these routine tasks, many administrators tend to underestimate the employees who use the equipment and apply only simple restrictions.
Few system administrators in charge of Linux computers compile the kernel themselves in order to apply restrictions, and the USB ports are usually overlooked.
That is where a great tool comes in, one I found while surfing the net. Its name is usbrip, which in the words of its creator is
"An open source forensics tool with a CLI interface that allows you to keep track of USB device artifacts (that is, USB event history) on Linux machines"
usbrip lets you take a very quick look by analyzing the Linux logs. This small piece of software, written in pure Python 3 (using some external modules), parses the Linux log files (/var/log/syslog* or /var/log/messages*, depending on the distribution) to build tables of USB event history.
The information it provides includes: connection date and time, user, vendor ID, product ID, product, manufacturer, serial number, port, and disconnection date and time.
In addition, it can also:
- export the collected information as a JSON dump (and open such dumps, of course);
- generate a list of authorized (trusted) USB devices as JSON (call it auth.json);
- search for "violation" events based on auth.json: show (or generate another JSON with) the USB devices that appear in the history and do not appear in auth.json;
- when installed with -s *, create encrypted storages (7zip files) to back up and accumulate USB events automatically with the help of crontab. It can also look up more information about a particular USB device by its VID and/or PID.
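To show what the log parsing and the auth.json check described above amount to, here is an added example of my own, not usbrip's code: it parses constructed kernel lines in the syslog format, builds a usbrip-style event table (connect time, VID, PID, product, manufacturer, serial, port, disconnect time), and reports the devices whose VID/PID pair is not in a trusted list. The trusted list is a constructed list of {vid, pid} objects, which is an assumption and not necessarily the exact layout usbrip writes to auth.json.

```python
import json
import re

# Constructed sample syslog excerpt (not taken from a real machine) in the
# kernel message format usbrip reads from /var/log/syslog* or /var/log/messages*.
SAMPLE_SYSLOG = """\
Oct 30 10:15:02 host kernel: [ 1234.700000] usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Oct 30 10:15:02 host kernel: [ 1234.700200] usb 1-1: Product: Cruzer Blade
Oct 30 10:15:02 host kernel: [ 1234.700300] usb 1-1: Manufacturer: SanDisk
Oct 30 10:15:02 host kernel: [ 1234.700400] usb 1-1: SerialNumber: 4C530001234567890123
Oct 30 10:20:45 host kernel: [ 1577.000000] usb 1-1: USB disconnect, device number 3
Oct 30 11:02:10 host kernel: [ 4060.100000] usb 1-2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.11
Oct 30 11:02:10 host kernel: [ 4060.100100] usb 1-2: Product: USB Receiver
Oct 30 11:02:10 host kernel: [ 4060.100200] usb 1-2: Manufacturer: Logitech
"""

# Timestamp, port (e.g. "1-1") and the kernel message after "usb <port>: ".
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: \[[^\]]*\] usb (?P<port>[\d.-]+): (?P<msg>.*)$")
NEW_RE = re.compile(r"New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
def parse_usb_events(log_text):
    """One record per connect; disconnect time is filled in when the same port is later removed."""
    events, open_by_port = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, port, msg = m.group("ts"), m.group("port"), m.group("msg")
        n = NEW_RE.match(msg)
        if n:
            ev = {"conn": ts, "vid": n["vid"], "pid": n["pid"], "port": port,
                  "prod": None, "manufact": None, "serial": None, "disconn": None}
            events.append(ev)
            open_by_port[port] = ev
        elif port in open_by_port:          # descriptor lines follow the "found" line
            ev = open_by_port[port]
            if msg.startswith("Product: "):
                ev["prod"] = msg[len("Product: "):]
            elif msg.startswith("Manufacturer: "):
                ev["manufact"] = msg[len("Manufacturer: "):]
            elif msg.startswith("SerialNumber: "):
                ev["serial"] = msg[len("SerialNumber: "):]
            elif msg.startswith("USB disconnect"):
                ev["disconn"] = ts
                del open_by_port[port]
    return events

def find_violations(events, auth_json, attrs=("vid", "pid")):
    """Events whose chosen attributes match no entry of the trusted list (the auth.json check)."""
    trusted = {tuple(d.get(a) for a in attrs) for d in json.loads(auth_json)}
    return [ev for ev in events if tuple(ev[a] for a in attrs) not in trusted]
```

Running find_violations(parse_usb_events(SAMPLE_SYSLOG), '[{"vid": "046d", "pid": "c52b"}]') flags only the SanDisk stick, since the Logitech receiver is trusted.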

How to install usbrip on Linux?
For those interested in installing this tool, Python 3 must be installed on the system, along with pip (Python's package manager).
To install usbrip, just open a terminal and type the following commands in it:
pip3 install usbrip
pip install terminaltables termcolor
pip install tqdm
Alternatively, you can download the project code and use the tool from there. To do this, just type in the terminal:
git clone https://github.com/snovvcrash/usbrip.git usbrip
After that, enter the directory with:
cd usbrip
And set up a virtual environment for the dependencies with:
python3 -m venv venv && source venv/bin/activate
Using usbrip
Using this tool is straightforward. To view the event history, just run the following command:
usbrip events history
Or
python3 usbrip.py events history
This is where the events are displayed. Similarly, they can be filtered by day or by a specific range.
Example
usbrip events history -e -d "Oct 10" "Oct 11" "Oct 12" "Oct 13" "Oct 14" "Oct 15"
Or
python3 usbrip.py events history -e -d "Oct 10" "Oct 11" "Oct 12" "Oct 13" "Oct 14" "Oct 15"
With this command, the information on all external USB devices connected to the machine during the period from October 10 to 15 is shown.
Working with filters. There are 4 types of filtering available: external USB events only (easily removable devices, -e); by date (-d); by fields (--user, --vid, --pid, --product, --manufact, --serial, --port); and by the number of matching entries to output (-n).
To generate a JSON file of trusted devices from the events:
usbrip events gen_auth /ruta/para/el/archivo.json -a vid pid -n 10 -d '2019-10-30'
Or
python3 usbrip.py events gen_auth /ruta/para/el/archivo.json -a vid pid -n 10 -d '2019-10-30'
This file will contain the information (VID and PID) of the first 10 devices connected on October 30, 2019.
If you want to know more about the use of this tool, you can check the following link.