Those of you who are following my blog will remember that in my last EnScript blog post I created a UsnJrnl EnScript and I promised I would add a Graphical User Interface (GUI) to enhance its functionality. I have finally managed to find some of that stuff they call free time and tear myself away from work to complete it.
I used James Habben's blog post, as that explains it far better than I can. Coupled with some assistance from my Python guru Kev, I expanded my initial UsnJrnl EnScript and will explain some of the additions below.
When we look at the -h options in UsnJrnl.py, we can see that there are really only two I would like to get the user's input for; ideal for a GUI.
Input and output filenames are dynamically generated within the EnScript already, and stdout is of no use to us within EnCase. This leaves CSV and TSV outputs.
In this image you can see the area of the EnScript that deals with the two check box options that appear on my GUI. There are other options that can be used for text boxes etc., but I did not require them for this EnScript (a good tutorial that goes into a lot of the options can be found here). We also see how variables and values are assigned to these options.
The next part of the EnScript is where we compile the command line that will be presented to UsnJrnl.py. We use some simple If statements to figure out which choices the user made, and add some console lines to let the user know that the output file has been written:
Because of the way the Python scripts are called, it's possible for the EnScript to finish before the Python process has completed. As some UsnJrnl files can become quite large, I added a couple more console lines for the user:
Running the script in EnCase should provide you with something like this:
Now when I look in my export folder I find brand new CSV and TSV files showing all of the details parsed out from the UsnJrnl.$J file.
I have found creating this EnScript very beneficial to my learning, but it has also shown me that while running Python scripts on their own is fairly easy, and arguably gives you more control, integrating Python into EnScripts and adding a GUI has streamlined what was already a quick process whilst retaining the extra functionality the native script provides.
The updated EnScript can be found on my GitHub here.
As always, any comments or suggestions are accepted and appreciated and can be placed in the comments below, or track me down via the other contact options available.