DFIR Python Study Group: Class 4 – practice script

As stated in my previous blog post, I split this class up into two posts. I’m around 21 minutes into the class 4 study group video.

Here we’re trying to remove those gaps we see in the output of our code.



Output (see the gap?):


Removing the gap isn’t necessary, but personally, I don’t like it, so I am glad we’re working on how we can modify our code to remove it using rstrip().

.rstrip() removes trailing whitespace characters (like the newline character, ‘\n’, that we have in our list). If we add this to our code at the end of our splits, we remove the newline character from the end of our second list item (which is actually item 1; remember, in Python we count from 0) and we should no longer see the gap in our output.




Ahh. Much better.

Now we learn how to get our output to save to a new file. In my last blog post, I accomplished this by using the command line; however, in this class we go over how to do this by writing it directly in our code.

What is maddening about this is that I was so close to figuring it out using Stack Overflow and Google. Where I went wrong when I tried to do it myself was that I did not create an empty list. Therefore, when I ran my code, I would get an error telling me something was not defined. Below is how to get it done:




Take note of the lack of .rstrip() when we append to our ‘report’ list in lines 7 and 10 of my screenshot. Removing .rstrip() keeps our newline character at the end of each list object; otherwise our file text would all be on one line, as seen in the example below.
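The strip-for-printing, keep-the-newline-for-writing pattern described above, as an added example rather than the code from the class or from my screenshots. The comma-separated sample records, the file names and the function names are assumptions made for illustration.

```python
import os
import tempfile

# Constructed sample input (not from the class): one "name,address" record per line.
SAMPLE = "alice,10.0.0.5\nbob,10.0.0.9\ncarol,10.0.0.12\n"


def build_report(lines, strip=False):
    """Return item 1 of each comma-split line; strip=True drops its trailing newline."""
    report = []  # must exist before the loop, otherwise append() raises NameError
    for line in lines:
        field = line.split(",")[1]  # last field still ends with the line's newline
        report.append(field.rstrip() if strip else field)
    return report


def write_report(path, report):
    """Write the list to a file; writelines() adds no separators of its own."""
    with open(path, "w") as out:
        out.writelines(report)


def demo():
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "input.txt")
    with open(src, "w") as f:
        f.write(SAMPLE)
    with open(src) as f:
        lines = f.readlines()

    # Printing: strip, because print() already adds its own newline (no gap).
    for field in build_report(lines, strip=True):
        print(field)

    # Writing: compare keeping the newline with stripping it.
    results = {}
    for name, strip in (("kept.txt", False), ("stripped.txt", True)):
        path = os.path.join(workdir, name)
        write_report(path, build_report(lines, strip=strip))
        with open(path) as f:
            results[name] = f.read()
    return results


if __name__ == "__main__":
    print(demo())
```

The returned dictionary holds the contents of both output files, so the one-line result of the stripped version can be compared directly with the one-item-per-line result.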


