Perl Scripting for Windows Security: Live Response, Forensic Analysis, and Monitoring

This Part focuses on the use of Perl when extracting data from a live system, as part of live response. Live response is a general term used to describe activities that are performed when information is needed from a system while it is still running. This most often involves collecting volatile data from a system, or data that is only available when the system is powered on and running. Live response activities can include something as simple as an administrator troubleshooting an issue on a system, or collecting process and network connection information from a system prior to powering the system down and acquiring an image of the system's hard drive. These activities can also include inventory control (determining who's logged into a system, what software is installed on a system, and so forth), and can be performed locally (while the administrator is sitting at the console) or remotely, over the network.
ActiveState Perl comes with several built-in Windows (i.e., Win32) functions that allow you to access and retrieve specific information from a Windows system. For example, you can determine the current working directory (Win32::GetCwd()), the system architecture and the type of CPU in the system (Win32::GetArchName() and Win32::GetChipName(), respectively), as well as a number of other very useful pieces of information. All of these functions are simply interfaces into the appropriate Windows application program interface (API) function calls, and allow the programmer to quickly retrieve the information they're looking for.
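As an added example (not from the book), the following script combines these built-in Win32 functions into a small live-response "system identity" record and hashes the record so it can be verified later; it assumes Perl on Windows with the Win32 module (bundled with ActivePerl and Strawberry Perl) and the core Digest::SHA module, and the output file name is an assumption.

```perl
#!/usr/bin/perl
# Added example: collect a live-response identity header with the Win32 built-ins
# and hash it for later verification. Assumes the Win32 module and Digest::SHA.
use strict;
use warnings;
use Win32;
use Digest::SHA qw(sha256_hex);
use POSIX qw(strftime);

# Each field is a label plus a code ref, so one failing API call
# does not abort the whole collection (volatile data is gone if we die here).
my @fields = (
    [ 'Collected (local)' => sub { strftime('%Y-%m-%d %H:%M:%S', localtime) } ],
    [ 'Collected (UTC)'   => sub { strftime('%Y-%m-%d %H:%M:%SZ', gmtime) } ],
    [ 'Host name'         => sub { Win32::NodeName() } ],
    [ 'Domain/workgroup'  => sub { Win32::DomainName() } ],
    [ 'OS'                => sub { Win32::GetOSName() } ],
    [ 'Architecture'      => sub { Win32::GetArchName() } ],
    [ 'CPU type'          => sub { Win32::GetChipName() } ],
    [ 'Running as'        => sub { Win32::LoginName() } ],
    [ 'Is administrator'  => sub { Win32::IsAdminUser() ? 'yes' : 'no' } ],
    [ 'Uptime (seconds)'  => sub { int(Win32::GetTickCount() / 1000) } ],
    [ 'Working directory' => sub { Win32::GetCwd() } ],
);

my $report = '';
for my $f (@fields) {
    my ($label, $code) = @$f;
    my $value = eval { $code->() };
    # Record the failure instead of stopping; keep the Win32 error text if there is one.
    $value = 'ERROR: ' . ($@ || Win32::FormatMessage(Win32::GetLastError()))
        unless defined $value;
    $report .= sprintf("%-20s: %s\n", $label, $value);
}

# Write the record and print its SHA-256 so a reviewer can confirm it was not altered.
my $out = 'live_response_header.txt';   # assumed output name
open my $fh, '>', $out or die "Cannot write $out: $!";
print $fh $report;
close $fh;
printf "%s\nSHA-256(%s) = %s\n", $report, $out, sha256_hex($report);
```

When used during an actual response, point the output file at removable media or a network share rather than the examined system's own drive, so the collection itself does not overwrite unallocated space you may later want to image.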
Demonstrates the use of some of...