Perl Scripting for Windows Security: Live Response, Forensic Analysis, and Monitoring

ProScripts

As mentioned in Part I, ProScripts are essentially Perl scripts that provide a scripting capability for the ProDiscover forensic analysis application provided by Technology Pathways. The ProDiscover forensic analysis application can be extremely useful, and the addition of the Perl scripting language allows the examiner to leverage the power of Perl in conjunction with the ProDiscover product. This gives the examiner the ability to extend the ProDiscover application to incredible levels of usability.

Graphical user interface (GUI) programming is beyond the scope of this book, but I have tested the use of a GUI in conjunction with ProDiscover ProScripts (using the Win32::GUI module) and they have worked very well together. Taking this to greater lengths would allow the examiner to extend the usability of ProDiscover even further, all thanks to the power of Perl!

Uassist.pl

In Part I, as well as previously in this Part, I provided Perl scripts that could be used to extract information from the UserAssist keys in the Registry. In Part I, the uassist.pl Perl script could be run on a live system to retrieve the contents of the UserAssist key for the currently logged-on user, and earlier in this Part, the uassist.pl Perl script used the Parse::Win32Registry module to retrieve the same information from an arbitrary NTUSER.DAT file that had been extracted from an acquired image. For the sake of completeness, I wanted to provide a ProScript that you could use with ProDiscover and parse the UserAssist keys from...
