digital-forensics-labs/digital-forensics-lab
1
0
Fork 0
mirror of https://github.com/frankwxu/digital-forensics-lab.git synced 2026-02-20 13:40:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

imporve readability NIST_data_leakage_01_registry.ppt

Browse Source
This commit is contained in:
Frank Xu
2023-09-15 19:05:55 -04:00
parent 8d70e7c275
commit 8236a46502
23 changed files with 112696 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
NIST_Data_Leakage_Case/NIST_Answers/lab_generated_file/Registry.zip Normal file
View File

Binary file not shown.

BIN
NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx
View File

Binary file not shown.

BIN
NIST_Data_Leakage_Case/NIST_Data_Leakage_01_Registry.pptx
View File

Binary file not shown.

BIN
NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML_Python.pptx Normal file
View File

Binary file not shown.

36684
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/SecurityEvt.xml Normal file
View File

File diff suppressed because it is too large Load Diff

36682
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/SecurityEvt_ns_removed.xml Normal file
View File

File diff suppressed because it is too large Load Diff

21
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore.xml Normal file
View File

@@ -0,0 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<bookstore>
<book category="cooking">
<title lang="en">Everyday Italian</title>
<author>Giada De Laurentiis</author>
<year>2005</year>
<price>30.00</price>
</book>
<book category="children">
<title lang="en">Harry Potter</title>
<author>J K. Rowling</author>
<year>2005</year>
<price>29.99</price>
</book>
<book category="web">
<title lang="en">Learning XML</title>
<author>Erik T. Ray</author>
<year>2003</year>
<price>39.95</price>
</book>
</bookstore>

10
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_list_book_category_attrib.py Normal file
View File

@@ -0,0 +1,10 @@
import xml.etree.ElementTree as ET
tree = ET.parse("bookstore_removed_ns.xml")
root = tree.getroot()
# Iterate through the book elements and print their category attributes
for book in root.findall(".//book"): # Find all 'book' elements at any depth
# Get book category attribute
cate = book.attrib.get("category")
print("book category: {}".format(cate))

16
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_list_tags.py Normal file
View File

@@ -0,0 +1,16 @@
import xml.etree.ElementTree as ET
tree = ET.parse("bookstore.xml")
root = tree.getroot()
# Create an empty set to store unique tag names
tag_names = set()
# Iterate through the elements and collect unique tag names
for element in root.iter():
tag_names.add(element.tag)
# Convert the set to a sorted list and print the tag names
tag_list = sorted(tag_names)
for tag in tag_list:
print(tag)

11
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_list_titles_v1.py Normal file
View File

@@ -0,0 +1,11 @@
import xml.etree.ElementTree as ET
tree = ET.parse("bookstore.xml")
root = tree.getroot()
# Iterate through the book elements and print their titles
for book in root.findall(".//book"): # Find all 'book' elements at any depth
# Find the first 'title' elements at current depth
title_element = book.find("title")
if title_element is not None:
print("Book Title: {}".format(title_element.text))

8
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_list_titles_v2.py Normal file
View File

@@ -0,0 +1,8 @@
import xml.etree.ElementTree as ET
tree = ET.parse("bookstore.xml")
root = tree.getroot()
# Find and print all the "year" elements
for title_element in root.findall(".//title"):
print(title_element.text)

21
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_ns.xml Normal file
View File

@@ -0,0 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<bookstore xmlns="http://schemas.exampl.com">
<book category="cooking">
<title lang="en">Everyday Italian</title>
<author>Giada De Laurentiis</author>
<year>2005</year>
<price>30.00</price>
</book>
<book category="children">
<title lang="en">Harry Potter</title>
<author>J K. Rowling</author>
<year>2005</year>
<price>29.99</price>
</book>
<book category="web">
<title lang="en">Learning XML</title>
<author>Erik T. Ray</author>
<year>2003</year>
<price>39.95</price>
</book>
</bookstore>

23
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_remove_ns.py Normal file
View File

@@ -0,0 +1,23 @@
import xml.etree.ElementTree as ET
tree = ET.parse("bookstore.xml")
root = tree.getroot()
# Define a function to recursively remove all namespace prefixes
def remove_namespace_prefix(element):
print(element.tag)
element.tag = element.tag.split("}", 1)[-1] # Remove namespace prefix
for child in element:
remove_namespace_prefix(child)
# Remove namespace prefixes from the root element and its descendants
remove_namespace_prefix(root)
# Convert the modified XML tree to a string
modified_xml = ET.tostring(root, encoding="utf-8")
# Save the updated XML to a new file
with open("bookstore_removed_ns.xml", "wb") as f:
f.write(modified_xml)

20
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_removed_ns.xml Normal file
View File

@@ -0,0 +1,20 @@
<bookstore>
<book category="cooking">
<title lang="en">Everyday Italian</title>
<author>Giada De Laurentiis</author>
<year>2005</year>
<price>30.00</price>
</book>
<book category="children">
<title lang="en">Harry Potter</title>
<author>J K. Rowling</author>
<year>2005</year>
<price>29.99</price>
</book>
<book category="web">
<title lang="en">Learning XML</title>
<author>Erik T. Ray</author>
<year>2003</year>
<price>39.95</price>
</book>
</bookstore>

12
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_show_first_book.py Normal file
View File

@@ -0,0 +1,12 @@
import xml.etree.ElementTree as ET
tree = ET.parse("bookstore.xml")
root = tree.getroot()
# Access the first child element of the root directly using indexing
first_element = root[0]
# Print the tag name and text content of the first element
print("Tag Name:", first_element.tag)
for child in first_element:
print(f"{child.tag}: {child.text}")

15
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_update_one_author.py Normal file
View File

@@ -0,0 +1,15 @@
import xml.etree.ElementTree as ET
tree = ET.parse("bookstore.xml")
root = tree.getroot()
# Find the "author" element with the current name and update it
for author_element in root.findall(".//author"):
if author_element.text == "Giada De Laurentiis":
author_element.text = "Giada Laurentiis"
# Serialize the updated XML to a string
updated_xml_content = ET.tostring(root, encoding="utf-8")
# Print the updated XML content
print(updated_xml_content.decode("utf-8"))

17
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/bookstore_update_price_plus1.py Normal file
View File

@@ -0,0 +1,17 @@
import xml.etree.ElementTree as ET
tree = ET.parse("bookstore.xml")
root = tree.getroot()
# Find and update all the "price" elements
for price_element in root.findall(".//price"):
current_price = float(price_element.text)
new_price = current_price + 1
price_element.text = str(new_price)
# Serialize the updated XML to a string
updated_xml_content = ET.tostring(root, encoding="utf-8")
# Save the updated XML to a new file
with open("bookstore_updated.xml", "wb") as f:
f.write(updated_xml_content)

39045
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/securityEvt_formatted.xml Normal file
View File

File diff suppressed because it is too large Load Diff

22
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/securityevt_findall_eventid_time.py Normal file
View File

@@ -0,0 +1,22 @@
import xml.etree.ElementTree as ET
import xml.dom.minidom as minidom
tree = ET.parse("SecurityEvt_ns_removed.xml")
root = tree.getroot()
# Iterate through all System elements
for system_element in root.findall(".//System"):
event_id_element = system_element.find("EventID")
time_created_element = system_element.find("TimeCreated")
# Check if EventID and TimeCreated elements exist
if (
event_id_element is not None
and event_id_element.text == "4608"
and time_created_element is not None
):
event_id = event_id_element.text
system_time = time_created_element.get("SystemTime")
# Print the lists of EventID and TimeCreated values
print("EventIDs: {} and SystemTimes: {}".format(event_id, system_time))

26
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/securityevt_format.py Normal file
View File

@@ -0,0 +1,26 @@
import xml.etree.ElementTree as ET
import xml.dom.minidom as minidom
tree = ET.parse("SecurityEvt_ns_removed.xml")
root = tree.getroot()
# Convert the entire XML to a string with pretty formatting
formatted_xml_str = ET.tostring(root, encoding="utf-8", method="xml").decode("utf-8")
# Parse the formatted XML content
dom = minidom.parseString(formatted_xml_str)
# Pretty print the XML content
pretty_xml = dom.toprettyxml(indent=" ")
# Remove extra blank lines
non_empty_pretty_lines = [line for line in pretty_xml.splitlines() if line.strip()]
# Join the lines to get the final XML content
formatted_xml = "\n".join(non_empty_pretty_lines)
# Save the nicely formatted XML to a new file
with open("securityEvt_formatted.xml", "w") as file:
file.write(formatted_xml)
print("Formatted XML saved to 'securityEvt_formatted.xml'.")

16
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/securityevt_list_tags.py Normal file
View File

@@ -0,0 +1,16 @@
import xml.etree.ElementTree as ET
tree = ET.parse("SecurityEvt.xml")
root = tree.getroot()
# Create an empty set to store unique tag names
tag_names = set()
# Iterate through the elements and collect unique tag names
for element in root.iter():
tag_names.add(element.tag)
# Convert the set to a sorted list and print the tag names
tag_list = sorted(tag_names)
for tag in tag_list:
print(tag)

23
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/securityevt_ns_remove.py Normal file
View File

@@ -0,0 +1,23 @@
import xml.etree.ElementTree as ET
tree = ET.parse("SecurityEvt.xml")
root = tree.getroot()
# Define a function to recursively remove all namespace prefixes
def remove_namespace_prefix(element):
# print(element.tag)
element.tag = element.tag.split("}", 1)[-1] # Remove namespace prefix
for child in element:
remove_namespace_prefix(child)
# Remove namespace prefixes from the root element and its descendants
remove_namespace_prefix(root)
# Convert the modified XML tree to a string
modified_xml = ET.tostring(root, encoding="utf-8")
# Save the updated XML to a new file
with open("SecurityEvt_ns_removed.xml", "wb") as f:
f.write(modified_xml)

24
NIST_Data_Leakage_Case/py_version/pycode/security_evt_xml/securityevt_show_first_event.py Normal file
View File

@@ -0,0 +1,24 @@
import xml.etree.ElementTree as ET
import xml.dom.minidom as minidom
tree = ET.parse("SecurityEvt_ns_removed.xml")
root = tree.getroot()
# Find the first Event element
first_event = root.find(".//Event")
# Check if a Event element was found
if first_event is not None:
# Convert the first Event element to a string with pretty formatting
first_event_str = ET.tostring(first_event, encoding="unicode", method="xml")
# Parse the XML content
dom = minidom.parseString(first_event_str)
# Pretty print the XML content
pretty_xml = dom.toprettyxml(indent=" ")
# Print the nicely formatted XML
print(pretty_xml)
else:
print("No Event elements found in the XML.")