I hoped to be writing to you about how I found a great chi-square technique to identify trojaned PDFs (we've certainly seen our share - 8.1, 8.1.1, and now 8.3/9.0). I couldn't even get as far as rejecting my null hypothesis since component bytes, as random variables, are - no surprise - not normally distributed and therefore chi-square isn't really applicable. Should've seen that one coming a mile away. Stand by, we'll keep trying to find some sort of classification technique to identify "interesting" PDFs for manual inspection with a low false-positive rate irrespective of exploit.

In the meantime, I threw together a few neat Perl scripts I figured I'd share here that may be of broader general interest. I'm also going to include a few unrelated gems that have proven helpful for me over the years.

I know hating on Perl scripts is a common pastime for some with nothing better to do, so I'll issue this disclaimer: these scripts have been accurate enough, fast, elegant, and readable for my purposes. As with anything Perl, there are 1,000 ways to accomplish anything. If you've found / know of a better way, good for you. There are certainly conceivable conditions in which these scripts may not function as designed - input is a terrifying thing sometimes. This is just food for thought, not an authoritative entry. That said, let's get to it.

Decompress streams in a PDF file (from STDIN)

Yes, I know pdftk will accomplish this just peachy, but I needed to decompress only - pdftk will normalize data.

```
#!/usr/bin/perl -w
while ((read STDIN, $block, 4096) != 0)
```

Convert 6-byte integer into MAC address string

Possibly a limited application, but hey, maybe someone can use it :-)

```
$ echo 256136729009152 | perl -e 'print unpack "H12", pack "Q", <>'
```
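One way to do the decompress-only pass over a PDF from STDIN described in this post, as an added example (not the author's script). It assumes the core Compress::Zlib module and streams stored as plain zlib data (FlateDecode, no predictor or chained filters); the names `inflate_stream` and `decompress_pdf` are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not the post's script: inflate zlib-compressed streams in a
# PDF read from STDIN and write the result to STDOUT, leaving other bytes alone.
use strict;
use warnings;
use Compress::Zlib;    # core module: inflateInit, Z_OK, Z_STREAM_END

# Inflate one zlib buffer. Returns undef unless a complete stream was decoded,
# so images, encrypted or truncated streams are left untouched by the caller.
sub inflate_stream {
    my ($data) = @_;                     # copy: inflate() consumes its input
    my ($inf, $status) = inflateInit();
    return undef unless defined $inf && $status == Z_OK;
    my ($out, $st) = $inf->inflate($data);
    return undef unless defined $out && $st == Z_STREAM_END;
    return $out;
}

# Replace every "stream ... endstream" body that inflates cleanly.
# The body is located by keyword, not by /Length, so a stream whose raw bytes
# contain the literal "endstream" is simply left compressed.
sub decompress_pdf {
    my ($pdf) = @_;
    my $count = 0;
    $pdf =~ s{((?<!end)stream\r?\n)(.*?)endstream}{
        my ($head, $body) = ($1, $2);
        my $plain = inflate_stream($body);   # bytes after the zlib trailer (EOL) are ignored
        if (defined $plain) { $count++; $body = $plain . "\n" }
        $head . $body . "endstream";
    }gse;
    return ($pdf, $count);
}

binmode STDIN;                           # PDFs are binary: no newline translation
binmode STDOUT;
my $pdf = do { local $/; <STDIN> };      # slurp the whole file
$pdf = '' unless defined $pdf;
my ($out, $n) = decompress_pdf($pdf);
print STDOUT $out;
print STDERR "inflated $n stream(s)\n";
```

The output is meant for reading or grepping, not for opening in a viewer: the /Length and /Filter entries and the xref offsets are not rewritten.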