This basic script will help to find evidence of CryptoWall on a slave drive. Although it is just a string, more complex regex patterns can be replaced with the string. It is incredible how fast Python is and how easily it has helped in quickly assessing a pool of slave drives. I'm improving it as we speak.
Thanks for your help and patience. I'm new to Python.

import os
import re

# From the Root
topdir = "."

# Regex Pattern
pattern = "DECRYPT_I"
regexp = re.compile(pattern)

for dirpath, dirnames, files in os.walk(topdir):
    for name in files:
        result = regexp.search(name)
        print(os.path.join(dirpath, name))
        print(result)

Gregg Dotoli
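An added example, not part of the original post: a variant of the walk above that reports only matching file names, grouped by directory, and records directories it could not read so that an empty result is not mistaken for a clean drive. The anchored pattern, the extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# The post's "DECRYPT_I" string, anchored to the start of the file name and
# made case-insensitive. The extension list is an assumption for illustration.
NOTE_RE = re.compile(r"^DECRYPT_I\w*\.(txt|html?|url)$", re.IGNORECASE)


def scan(topdir, pattern=NOTE_RE):
    """Return (hits, errors): matching names per directory, unreadable paths."""
    hits, errors = {}, []
    # onerror collects directories os.walk cannot list instead of silently
    # skipping them, which matters on a damaged or permission-locked volume.
    walker = os.walk(topdir, onerror=lambda e: errors.append(e.filename))
    for dirpath, _dirnames, files in walker:
        matched = sorted(name for name in files if pattern.search(name))
        if matched:
            hits[dirpath] = matched
    return hits, errors


def demo():
    """Scan a constructed directory tree (sample data, not a real drive)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Users", "a", "Documents")
        pics = os.path.join(root, "Users", "a", "Pictures")
        samples = [
            (docs, "DECRYPT_INSTRUCTION.TXT"),
            (docs, "decrypt_instruction.html"),
            (docs, "report.docx"),
            # Contains DECRYPT_I but is not a note; the anchored pattern skips it.
            (pics, "how_to_DECRYPT_It.jpg"),
        ]
        for directory, name in samples:
            os.makedirs(directory, exist_ok=True)
            open(os.path.join(directory, name), "w").close()
        hits, errors = scan(root)
        return {os.path.relpath(d, root): n for d, n in hits.items()}, errors


if __name__ == "__main__":
    found, unreadable = demo()
    for directory, names in found.items():
        print(f"{directory}: {len(names)} candidate note(s): {names}")
    for path in unreadable:
        print(f"could not read: {path}")
```

A directory holding a note is a pointer to where encrypted files are likely to sit, so the per-directory grouping gives a starting list for triage of each drive.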