You don’t have to learn to code to be in cybersecurity….

…but it helps a lot!

Whether you work as a Windows system admin or are doing Incident Response, spending a chunk of time practicing coding will benefit you. I will bet that if you dedicate some time to writing Python code to parse forensic artifacts, you will learn more about the systems you work on, as well as understand more of the language surrounding problems like Log4j.

Last week I was trying to troubleshoot an odd issue and I found that I could generate logs for the program I wanted to look at. The logs were generated in .txt format, but manually Ctrl-F'ing my way through them was tedious and inefficient due to the size of the file.

The information I wanted was mixed in with a bunch of irrelevant data.

I only wanted the lines with the message “Warning” so I could see log content that applied to the issue.

In under 5 minutes, I was able to pull out one of my forensic parsing scripts, make a few changes and send the log to the Python interpreter, cleaning the data down to what I needed.
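As an added example (not the author's script from the DFIRLore repository, whose log format is not shown here), this is the kind of Python filter the post describes: stream a large .txt log line by line, keep only the lines containing "Warning" along with their line numbers, and count lines per level as a sanity check. The timestamp/level/message layout and every line in SAMPLE_LOG are constructed for illustration; adjust LINE_RE to whatever your program actually emits.

```python
"""Filter a large plain-text log down to the lines that matter.

Added example; not the author's script from the DFIRLore repository.
The log layout (timestamp, level, message) and every line in SAMPLE_LOG
are constructed for illustration; adjust LINE_RE to your program's format.
"""
import re
import sys
from collections import Counter
from typing import Iterable, Iterator, List, Optional, Tuple

# Constructed sample log (not a real program's output).
SAMPLE_LOG = """\
2023-11-02 09:14:01 Info    Service started
2023-11-02 09:14:02 Debug   Loading configuration from C:\\ProgramData\\app\\config.ini
2023-11-02 09:14:05 Warning Configuration key 'timeout' missing, using default 30
2023-11-02 09:14:09 Info    Connected to 10.0.0.5:443
2023-11-02 09:15:30 WARNING Certificate for 10.0.0.5 expires in 3 days
2023-11-02 09:16:00 Error   Write failed: access denied
2023-11-02 09:16:01 Info    Retrying write
2023-11-02 09:16:02 Warning Retry 1 of 3 failed
"""

# Assumed layout: "<date> <time> <LEVEL> <message>". Change this for other logs.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\w+)\s+(.*)$")


def grep_lines(lines: Iterable[str], pattern: str,
               ignore_case: bool = True) -> Iterator[Tuple[int, str]]:
    """Yield (line_number, line) for every line matching the regex `pattern`.

    Accepts any iterable of strings, so an open file handle streams a very
    large log one line at a time instead of loading the whole file in memory.
    """
    regex = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    for number, line in enumerate(lines, start=1):
        if regex.search(line):
            yield number, line.rstrip("\r\n")


def filter_keyword(lines: Iterable[str], keyword: str = "Warning") -> List[Tuple[int, str]]:
    """The Ctrl-F replacement: every line containing `keyword`, with its line number."""
    return list(grep_lines(lines, re.escape(keyword)))


def parse_line(line: str) -> Optional[dict]:
    """Split one line into timestamp/level/message, or None if it does not fit LINE_RE."""
    match = LINE_RE.match(line)
    if not match:
        return None
    timestamp, level, message = match.groups()
    # Normalise the level so "WARNING" and "Warning" are counted together.
    return {"timestamp": timestamp, "level": level.capitalize(), "message": message}


def level_counts(lines: Iterable[str]) -> Counter:
    """How many lines of each level the log holds: a quick check before filtering."""
    counts: Counter = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            counts[parsed["level"]] += 1
    return counts


def main(argv: List[str]) -> int:
    keyword = argv[2] if len(argv) > 2 else "Warning"
    if len(argv) > 1:
        # errors="replace": real logs sometimes contain bytes that are not valid UTF-8.
        with open(argv[1], encoding="utf-8", errors="replace") as handle:
            matches = filter_keyword(handle, keyword)
    else:
        matches = filter_keyword(SAMPLE_LOG.splitlines(keepends=True), keyword)
    for number, line in matches:
        print(f"{number}: {line}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python filter_log.py app.txt Warning` against a real file, or with no arguments to see it filter the constructed sample. The match is case-insensitive on purpose: programs are rarely consistent about "Warning" versus "WARNING", and a case-sensitive Ctrl-F silently misses the other spelling.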

Fairly instant results instead of spending at least half an hour scrolling or searching for the activity.

If you have the time and mental space, learning Python (especially for forensics) is a really valuable skill: X-ray glasses into the systems we work with.

My code for this and other projects is available here: https://github.com/DFIRLore
