MUS2019-CTF Colab #872
MUS2019-CTF Colab #872
Conversation
| "cell_type": "code", | ||
| "source": [ | ||
| "# The ActiveTimeBias is in minutes, so divide by -60 (I don't know why it's stored negative): \n", | ||
| "420 / -60" |
There was a problem hiding this comment.
although this is a bit more complicated text... should we do this more "programmatically" ? food for thought... something like:
time_string = list(set(ts_results.message))[0]
_, _, data_string = time_string.partition(']')
data = {}
items = data_string.split(':')
key = items[0].strip()
for line in items[1:-1]:
words = line.split()
data[key] = ' '.join(words[:-1])
key = words[-1]
data[key] = items[-1]
print('The UTC offset is: {0:d}'.format(int(data.get('ActiveTimeBias', '0')) / int(data.get('DaylightBias', '1'))))
There was a problem hiding this comment.
I'd rather keep it simpler for the target audience. The notebook is supposed to show a "live" investigation, and writing that much code for a small one-time operation seems like overkill to me.
I also think it'd be good to take another look at how plaso parses these out (separate entries per key, rather than all into one string).
There was a problem hiding this comment.
ok... agree... but maybe change the text a bit to show or talk about where those numbers come from...
|
PTAL |
| "cell_type": "code", | ||
| "source": [ | ||
| "# The ActiveTimeBias is in minutes, so divide by -60 (I don't know why it's stored negative): \n", | ||
| "420 / -60" |
There was a problem hiding this comment.
ok... agree... but maybe change the text a bit to show or talk about where those numbers come from...
No description provided.