Year of Python (YOP) – Week One

05Jan15

Hello Reader!

So I decided to do a new type of New Year’s resolution for 2015.  For the past few years I’ve been attempting to learn Python on my own.  I’ve always felt that having some type of programming skill can be helpful for anyone working in IT.  I think it gives people an opportunity to make their own tools to solve whatever challenges they are dealing with.

In late 2014 I participated in the local Chicago Python User Group (ChiPy) Mentor program.  And for the last few months, I’ve been working with my mentor on creating a Python script I’ve been thinking about for a while.  However, the challenge for me has always been figuring out the logic/steps of what I want to do, and I’m still trying to figure out how to get over that hump.  I came up with an idea a few weeks ago to write some type of Python code every week for a year, and see if that will help improve my programming skills.

Thus begins what I’m calling the “Year of Python” (YOP).  Every week on Sunday I’ll be pushing a new program/script/whatever to a specific GitHub site, and post a corresponding blog entry here.

The GitHub site is located at:

https://github.com/CdtDelta/YOP

Week 1: Registry Parsing with Python

(special thanks to Willi Ballenthin for the module with this: http://www.williballenthin.com/registry/)

I’ve thought about creating a Python version of RegRipper for a year or so.  I use Harlan’s program on about 90% of my cases, and I mainly use the GUI version to parse out the main registry keys for cases I work on.  What I wanted to do was create a Python script that would just go through the registry files I exported out of an image, and then parse specific keys.  I know it can be done with RegRipper, but this was more so I had an opportunity to write a Python program to do it.

What I’ve done so far with this program is parse out five different registry keys in the NTUSER.DAT file and print them.  I’ve created a function for each key that I’m parsing out.  The long-term goal is to make modules that could be called from one main program (similar to how RegRipper is structured).  So there are some things I’ll add to the functions when the overall program is completed.

The program overall is rather simple, and is very similar to the examples on Willi’s site.  Since his module does most of the heavy lifting, it was easy to just copy and paste the functions for each key.  For the most part they are all the same, but for the NTUSER.DAT Desktop key I’m specifically looking for the SCRNSAVE.EXE value.
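The structure described above, as an added example rather than the code in the author’s repository: one function per key using python-registry, with the Desktop function reading only SCRNSAVE.EXE. The Run key, the function names and the PARSERS table are assumptions chosen for illustration; the post does not name its other four keys.

```python
try:
    from Registry import Registry  # python-registry, the module the post credits
    NOT_FOUND = (Registry.RegistryKeyNotFoundException,
                 Registry.RegistryValueNotFoundException)
except ImportError:  # fallback so the parsers can be run against stand-in objects
    Registry = None
    NOT_FOUND = (KeyError,)


def parse_desktop(hive):
    """Control Panel\\Desktop: report only SCRNSAVE.EXE, as the post does."""
    try:
        key = hive.open("Control Panel\\Desktop")
    except NOT_FOUND:
        return None  # key absent from this hive
    try:
        screensaver = key.value("SCRNSAVE.EXE").value()
    except NOT_FOUND:
        screensaver = None  # key exists but no screensaver is configured
    return {"key": key.path(), "last_write": key.timestamp(),
            "SCRNSAVE.EXE": screensaver}


def parse_run(hive):
    """Run key (an assumption for this example): list every value under it."""
    try:
        key = hive.open("Software\\Microsoft\\Windows\\CurrentVersion\\Run")
    except NOT_FOUND:
        return None
    return {"key": key.path(), "last_write": key.timestamp(),
            "values": {v.name(): v.value() for v in key.values()}}


# One entry per key parser; a main program only needs to walk this table.
PARSERS = {"desktop": parse_desktop, "run": parse_run}


def parse_hive(hive):
    """Run every registered parser and collect the results by parser name."""
    return {name: parser(hive) for name, parser in PARSERS.items()}


if __name__ == "__main__":
    import sys
    if Registry is None:
        sys.exit("python-registry is not installed")
    # Usage: python this_script.py /path/to/exported/NTUSER.DAT
    for name, result in parse_hive(Registry.Registry(sys.argv[1])).items():
        print(name, result if result is not None else "key not found")
```

Each parser returns the key’s last-write timestamp alongside the data, since that time is usually what ties a value to the case timeline.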

That’s it for this week, we’ll see what I come up with for next week!



2 Responses to “Year of Python (YOP) – Week One”

  1. david nides

    Nice work!

  2. jeremy

    nice job!

