[Full-Disclosure] write events log to CD?
keydet89 at yahoo.com
Mon Aug 30 11:26:01 BST 2004
> Sending logs to a printer makes the most sense to me. Absolutely
> unhijackable, and a good use for that old 9-pin dot-matrix and 2000
> sheets of traction feed paper you have in the
> No idea whether it's possible on Windows, though.
Why wouldn't this work? Windows is able to print...so
your idea should work.
However, I'm not sure I see a great deal of efficiency
in doing so. Perhaps a better idea would be to get
the Event Log entries off of the system as they are
generated, using a mechanism such as syslog.
Along those lines, if you go to
http://patriot.net/~carvdawg/perl.html, you'll find a
Perl script named wmievt.pl...this script uses WMI to
watch the Event Log for new events. When a new event
is generated, the script "wakes up". This is just a
barebones, proof-of-concept script. I will be
fleshing it out a bit and releasing on the web site
for my book (book: "Windows Forensics and Incident
Recovery", web site: http://www.windows-ir.com).
Hope that helps,
Full-Disclosure is hosted and sponsored by Secunia.
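The approach described in the message above (wake on each new Event Log record through WMI and ship it off the host by syslog), as an added example that is not part of the original post and is not wmievt.pl. It assumes the third-party Python `wmi` package on the Windows host; the collector address, the facility and the severity mapping are placeholders chosen for illustration.

```python
import socket
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
FIELDS = ("Logfile", "EventCode", "EventType", "SourceName",
          "ComputerName", "TimeGenerated", "Message")
# Win32_NTLogEvent.EventType (1 error, 2 warning, 3 information, 4 audit
# success, 5 audit failure) -> syslog severity. Mapping is this example's choice.
SEVERITY = {1: 3, 2: 4, 3: 6, 4: 5, 5: 4}
FACILITY = 16  # local0, an assumed choice


def to_syslog(evt, facility=FACILITY):
    """Format one Win32_NTLogEvent-style record as an RFC 3164 datagram."""
    pri = facility * 8 + SEVERITY.get(evt["EventType"], 5)
    # WMI datetimes look like yyyymmddHHMMSS.mmmmmm+UUU; the offset is dropped
    # because the RFC 3164 timestamp carries no time zone.
    ts = datetime.strptime(evt["TimeGenerated"][:14], "%Y%m%d%H%M%S")
    stamp = "%s %2d %s" % (MONTHS[ts.month - 1], ts.day, ts.strftime("%H:%M:%S"))
    tag = evt["SourceName"].replace(" ", "_")[:32]
    # Collapse CR/LF/tabs so one event stays one line at the collector.
    text = " ".join((evt.get("Message") or "").split())
    line = "<%d>%s %s %s: %s/%s %s" % (pri, stamp, evt["ComputerName"], tag,
                                       evt["Logfile"], evt["EventCode"], text)
    return line.encode("utf-8", "replace")[:1024]  # RFC 3164 packet limit


def forward(collector=("192.0.2.10", 514)):  # placeholder collector address
    """Windows only: sleep until WMI reports a new record, then relay it."""
    import wmi  # third-party package, assumed installed on the monitored host
    conn = wmi.WMI(privileges=["Security"])  # needed to read the Security log
    watcher = conn.watch_for(notification_type="Creation",
                             wmi_class="Win32_NTLogEvent")
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        rec = watcher()  # blocks here, like the script "waking up" per event
        sock.sendto(to_syslog({k: getattr(rec, k) for k in FIELDS}), collector)


# Constructed sample record (not taken from a real system).
SAMPLE = {"Logfile": "Security", "EventCode": 529, "EventType": 5,
          "SourceName": "Security", "ComputerName": "WKSTN01",
          "TimeGenerated": "20040830112601.000000-000",
          "Message": "Logon Failure:\r\n\tReason:\tUnknown user name or bad password"}

if __name__ == "__main__":
    print(to_syslog(SAMPLE).decode())
```

Because each record leaves the host as it is written, clearing the local Event Log afterwards does not remove the copy already held by the collector.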