Full Disclosure mailing list archives

Re: write events log to CD?


From: Harlan Carvey <keydet89 () yahoo com>
Date: Mon, 30 Aug 2004 03:26:01 -0700 (PDT)

Ali,

> Sending logs to a printer makes the most sense to me. Absolutely
> unhijackable, and a good use for that old 9-pin dotmatrix and 2000
> sheets of traction feed paper you have in the cupboard.
>
> No idea whether it's possible on windows, though.

Why wouldn't this work?  Windows is able to print...so
your idea should work.

However, I'm not sure I see a great deal of efficiency
in doing so.  Perhaps a better idea would be to get
the Event Log entries off of the system as they are
generated, using a mechanism such as syslog.

Along those lines, if you go to
http://patriot.net/~carvdawg/perl.html, you'll find a
Perl script named wmievt.pl...this script uses WMI to
watch the Event Log for new events.  When a new event
is generated, the script "wakes up".  This is just a
bare-bones, proof-of-concept script.  I will be
fleshing it out a bit and releasing it on the web site
for my book (book: "Windows Forensics and Incident
Recovery", web site: http://www.windows-ir.com).

Hope that helps,

Harlan
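Along the lines of the WMI-driven approach Harlan describes, here is an added example (it is not the wmievt.pl script from the post) that blocks on a WMI notification query for new Win32_NTLogEvent records and ships each one off the host as a BSD-syslog line over UDP. The collector name syslog.example.internal, the facility, and the EventType-to-severity mapping are assumptions.

```perl
#!/usr/bin/perl
# Added example, not Harlan's wmievt.pl: subscribe to new Event Log records
# through WMI and forward each one to a syslog collector (UDP/514) as soon as
# it is written, so a copy exists off-host before anyone can tamper locally.
use strict;
use warnings;
use Win32::OLE;
use IO::Socket::INET;
use Sys::Hostname;

my $collector = $ARGV[0] || 'syslog.example.internal';   # assumed collector
my $sock = IO::Socket::INET->new(PeerAddr => $collector, PeerPort => 514,
                                 Proto => 'udp') or die "socket: $!";

# The (Security) privilege is required to read the Security log.
my $wmi = Win32::OLE->GetObject(
    'winmgmts:{impersonationLevel=impersonate,(Security)}!\\\\.\\root\\cimv2')
    or die 'WMI: ' . Win32::OLE->LastError();

# WITHIN 2 bounds how long a new record can sit before WMI hands it to us.
my $src = $wmi->ExecNotificationQuery(
    "SELECT * FROM __InstanceCreationEvent WITHIN 2 "
  . "WHERE TargetInstance ISA 'Win32_NTLogEvent'")
    or die 'query: ' . Win32::OLE->LastError();

# Win32_NTLogEvent.EventType -> syslog severity (1 error, 2 warning, 3-5 info/audit)
my %sev  = (1 => 3, 2 => 4, 3 => 6, 4 => 6, 5 => 6);
my $fac  = 4;                       # assumed facility: security/authorization
my $host = hostname();

while (1) {
    my $ev  = $src->NextEvent();    # blocks until WMI delivers a new record
    my $rec = $ev->{TargetInstance};
    my $pri = ($fac << 3) | ($sev{ $rec->{EventType} } // 5);
    my $msg = $rec->{Message} // '';
    $msg =~ s/\s+/ /g;              # one syslog line per record
    my $line = sprintf('<%d>%s %s %s[%d]: %s', $pri, syslog_ts(), $host,
                       $rec->{SourceName}, $rec->{EventCode}, substr($msg, 0, 900));
    $sock->send($line) or warn "send: $!";
}

# RFC 3164 timestamp, e.g. "Aug 30 03:26:01"
sub syslog_ts {
    my @t = localtime;
    my @m = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
    return sprintf('%s %2d %02d:%02d:%02d', $m[$t[4]], $t[3], $t[2], $t[1], $t[0]);
}
```

Run it under an account that holds the Security privilege and point it at a collector on a separate host; UDP gives no delivery guarantee, so pair it with the collector's own gap detection if completeness matters.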

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
