foren

[CODE]import re, os, sys sys.stdout = open('c:\\Fummy_Tasks\\RECONSTR_ANALYSIS\\04052010\\test1_Strings\\log1.txt', 'a') memdump = open('c:\\Fummy_Tasks\\RECONSTR_ANALYSIS\\04052010\\test1_Strings\\test.txt','rb') count = 1 while 1: memdump_line = memdump.readline() if not memdump_line:break evidence = open('c:\\Fummy_Tasks\\RECONSTR_ANALYSIS\\04052010\\test1_Strings\\word1.txt','rb') for x in range (0,len(memdump_line)-3): while 1: evidence_line = evidence.readline() if not evidence_line:break if memdump_line[x]==evidence_line[0] and memdump_line[x+1]==evidence_line[1] and memdump_line[x+2]==evidence_line[2]: print memdump_line print count count = …

[CODE]output = open('d:\code\\output.txt','w') for y in range (0,len(evidence_array)): output.write(evidence_array[y] + ', ' + found[y] + '\n') #I am not sure if this output writing is correct! output.close()[/CODE] PLEAE CAN SOMEONE HELP! ---I AM NOT SURE IF THIS OUTPUT WRITING IS CORRECT THANKS

[CODE]import os f = open(r'c:\Fummy_Tasks\Fummy_Forensic\19012010\IMAGES.txt') mkdir_name = 'mkdir c:\\Fummy_Tasks\\Fummy_Forensic\\19012010\\test2_Strings' print mkdir_name os.system(mkdir_name) mkdir_name = 'mkdir c:\\Fummy_Tasks\\Fummy_Forensic\\19012010\\test2_Memdmp' print mkdir_name os.system(mkdir_name) f = open(r'c:\\process_list_test2.img.txt','r') process_id = f.readline() while True: process_info = f.readline() if not process_info: break process_PID = process_info.split() openfilename = 'c:\\python26\\python.exe c:\\volatility-1.3_Beta\\volatility memdmp -f c:\\Fummy_Tasks\\Fummy_Forensic\\19012010\\test2.img -p %s' % (process_PID[1]) print openfilename …