Hal Pomeranz · Sep 6, 2022 · 1:31 PM UTC

Hal Pomeranz

Hal Pomeranz @hal_pomeranz

6 Sep 2022

Live Linux Forensics training coming up @WWHackinFest Deadwood! Let's do some daily Linux Forensics trivia as a lead-up! wildwesthackinfest.com/deadw…

Hal Pomeranz · Sep 20, 2022 · 11:48 AM UTC

Hal Pomeranz · Sep 20, 2022 · 11:48 AM UTC

Hal Pomeranz @hal_pomeranz

20 Sep 2022

Replying to @hal_pomeranz @WWHackinFest

Daily Linux Forensics Trivia #15 - Write a regular expression to match traditional Syslog-style logs in unallocated blocks.

Sep 20, 2022 · 11:48 AM UTC

Hal Pomeranz · Sep 21, 2022 · 11:54 AM UTC

Hal Pomeranz @hal_pomeranz

21 Sep 2022

Trivia Answer #15 - The typical Syslog log timestamp is “Mon dd hh:mm:ss”, e.g. “Sep 21 7:49:34”. The regex “[A-Z][a-z]{2} +[0-9]+ +[0-9]+:[0-9]{2}:[0-9]{2} “ matches this pattern and is effective at finding old/deleted log entries in unallocated.