On 03/26/2015 01:11 PM, Gregg Dotoli wrote:
On Wednesday, March 25, 2015 at 3:43:38 PM UTC-4, Gregg Dotoli wrote:
This basic script will help to find
evidence of CryptoWall on a slave drive. Although it is
just a string, more complex regex patterns can be
replaced with the string. It is incredible how fast Python is and
how easily it has helped in quickly assessing a pool of slave drives.
I'm improving it as we speak.


Thanks for your help and patience. I'm new with Python.


import os
import re

# Top of the tree to search (current directory)
topdir = "."

# Regex pattern
pattern = "DECRYPT_I"
regexp = re.compile(pattern)
for dirpath, dirnames, files in os.walk(topdir):
    for name in files:
        # The pattern is matched against the file name only
        result = regexp.search(name)
        print(os.path.join(dirpath, name))
        print(result)





Gregg Dotoli

I posted this because I thought it may be of help to others. This does grep 
through all the files and is very fast because the regex is compiled in Python,
rather than sitting in some directory as an external command.
That is where the optimization comes in.

Let's close this thread.



It "grep"s through all the filenames, but there's no open() call or equivalent there at all. It does not look inside a single file.

We can stop posting to the thread, but that won't fix the bug in the code.

--
DaveA
--
https://mail.python.org/mailman/listinfo/python-list
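
An added example, not code from either poster: a variant of the posted walk that tests each file name and then the file's raw bytes, which is the gap pointed out in the reply above. The helper names, the 64-byte overlap and the sample files are assumptions made for this example.

```python
import os
import re
import tempfile

PATTERN = re.compile(rb"DECRYPT_I")  # the thread's marker string, as bytes
CHUNK = 1 << 20   # read 1 MiB at a time so large files do not fill memory
OVERLAP = 64      # assumption: no match is longer than 64 bytes

def content_matches(path, regexp=PATTERN):
    """Return True if regexp occurs anywhere in the file's raw bytes."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                return False
            # Prepend the previous tail so a match split across reads is found.
            if regexp.search(tail + chunk):
                return True
            tail = chunk[-OVERLAP:]

def scan(topdir, regexp=PATTERN):
    """Yield (path, reason) for each regular file that matches or cannot be read."""
    for dirpath, _dirnames, files in os.walk(topdir):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):   # skip FIFOs, sockets, dangling links
                continue
            if regexp.search(os.fsencode(name)):
                yield path, "name"
                continue
            try:
                if content_matches(path, regexp):
                    yield path, "content"
            except OSError:
                yield path, "unreadable"   # common on damaged or foreign drives

def demo():
    """Scan a small constructed tree (sample files are made up for this example)."""
    samples = {"DECRYPT_I_note.txt": b"x",
               "report.txt": b"see DECRYPT_I_note.txt",
               "clean.txt": b"hello"}
    with tempfile.TemporaryDirectory() as top:
        for name, data in samples.items():
            with open(os.path.join(top, name), "wb") as fh:
                fh.write(data)
        return sorted((os.path.basename(p), why) for p, why in scan(top))

if __name__ == "__main__":
    print(demo())
```

Files are opened in binary mode, so the scan does not fail on content that is not valid text, and unreadable files are reported rather than aborting the walk.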
