I don't know about Perl, so this may be a really foolish question,
and this question may not be appropriate for this forum….
I wonder whether ProDiscover can take a snapshot automatically,
using ProScript (Perl).
I can't imagine what kind of function will materialize with perl….
Thanks,
It depends on what you mean by "snapshot"…
Using ProScripts, ProDiscover can:
1. Copy an agent over to a system via a network login, or access an agent run on a system via a CD/DVD or thumb drive.
2. Collect BIOS, PhysicalMemory, volatile data.
3. Acquire a live image.
4. Disconnect.
> I can't imagine what kind of function will materialize with perl….
???
HTH,
Harlan
Harlan,
Thanks for your quick reply.
I can understand the 4 functions you mentioned.
Now, is it possible to collect BIOS, PhysicalMemory, Volatile data
automatically?
I'm thinking about using ProDiscover like AIRS (EnCase Enterprise Option).
You know, AIRS depends on IPS/IDS alerts.
But by taking process hashes and DLL hashes periodically (automatically) and comparing them regularly, it is easy to find unknown viruses/malware, rootkits and so on, I suppose.
Is it possible by using ProScript?
Regards,
> Now, is it possible to collect BIOS, PhysicalMemory, Volatile data automatically?
I'm not sure what you're asking.
> Is it possible by using ProScript?
Yes, I'm sure it is. You would have to fire up ProDiscover, launch the ProScript, and simply have a listen() or sleep() function in your code.
Harlan
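
The periodic hash comparison asked about above, combined with the sleep() loop suggested in the reply, as an added Perl example that is not part of the original thread and is not ProDiscover or ProScript code. It makes no ProScript calls: `list_files` is a hypothetical stand-in for whatever collection step supplies the list of process images and DLLs, and the file names and one-second interval are constructed sample values.

```perl
use strict;
use warnings;
use Digest::SHA;
use File::Temp qw(tempdir);

# Hypothetical stand-in for the collection step: list the files to hash.
sub list_files {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    return map { $dir . '/' . $_ } grep { -f "$dir/$_" } readdir $dh;
}

# Map each path to its SHA-256. An unreadable file is recorded, not skipped,
# so a file that becomes locked or unreadable still shows up as a change.
sub snapshot {
    my %snap;
    for my $path (@_) {
        my $hex = eval { Digest::SHA->new(256)->addfile($path, 'b')->hexdigest };
        $snap{$path} = defined $hex ? $hex : 'UNREADABLE';
    }
    return \%snap;
}

# Compare a current snapshot against the baseline: new, changed, missing.
sub diff_snapshots {
    my ($base, $cur) = @_;
    my @out;
    for my $p (sort keys %$cur) {
        if    (!exists $base->{$p})       { push @out, "NEW $p" }
        elsif ($base->{$p} ne $cur->{$p}) { push @out, "CHANGED $p" }
    }
    push @out, map { "MISSING $_" } grep { !exists $cur->{$_} } sort keys %$base;
    return @out;
}

sub write_file {
    my ($path, $data) = @_;
    open(my $fh, '>', $path) or die "open $path: $!";
    print {$fh} $data;    # lexical handle is flushed and closed at scope exit
}

# Constructed sample data: two files standing in for a process image and a DLL.
my $dir = tempdir(CLEANUP => 1);
write_file("$dir/$_", "v1") for qw(svc.exe helper.dll);
my $baseline = snapshot(list_files($dir));
for my $round (1 .. 2) {
    sleep 1;    # polling interval (constructed; a real schedule would be longer)
    if ($round == 2) { write_file("$dir/helper.dll", "v2"); write_file("$dir/extra.dll", "v1") }
    my @found = diff_snapshots($baseline, snapshot(list_files($dir)));
    print "round $round: ", (@found ? join('; ', @found) : 'no change'), "\n";
}
```

A baseline taken on a system that is already compromised will hide the compromise, so the baseline snapshot should come from a known-good state and be stored off the monitored host.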