probing operating system - Security




  1. probing operating system

    Apologies if this isn't the right group for this post.

    Does anyone know a method/tool/code for probing each disk in a computer
    and determining what operating system is installed, if any?

    I'm mostly interested in the results from Windows platforms, but the
    code would preferably be Perl or C, if there is a tool it needs to be
    ELF x86 format.
    I thought Carrier's sleuthkit might have something but it seems not to.

    Appreciate any thoughts!


  2. Re: probing operating system


    "poncenby" wrote in message
    news:1164135938.956327.273580@m7g2000cwm.googlegroups.com...
    > Apologies if this isn't the right group for this post.
    >
    > Does anyone know a method/tool/code for probing each disk in a computer
    > and determining what operating system is installed, if any?
    >
    > I'm mostly interested in the results from Windows platforms, but the
    > code would preferably be Perl or C, if there is a tool it needs to be
    > ELF x86 format.
    > I thought Carrier's sleuthkit might have something but it seems not to.
    >
    > Appreciate any thoughts!


    Hi poncenby,

    I'd be surprised if there were not tools already out there for this but, with
    a simple bit of scripting you could use fdisk to find out the filesystem
    type and using mount, ls and grep you should be able to get a good idea of
    the OS in use. You could even use a hashing algorithm to check file versions
    and hence work out what OS version is in use.

    Would that be any use to you?

    Bogwitch.



  3. Re: probing operating system

    I'm using a few of the sleuthkit tools but I'm not that keen on having
    to mount basically every partition node under /dev.
    Just hoping someone knew of a tool that already has the OS
    identification functionality that works on /dev block devices/dd images
    etc etc.

    More googling is needed...


    > Hi poncenby,
    >
    > I'd be surprised if there were not tools already out there for this but, with
    > a simple bit of scripting you could use fdisk to find out the filesystem
    > type and using mount, ls and grep you should be able to get a good idea of
    > the OS in use. You could even use a hashing algorithm to check file versions
    > and hence work out what OS version is in use.
    >
    > Would that be any use to you?
    >
    > Bogwitch.



  4. Re: probing operating system

    "poncenby" (06-11-21 14:19:53):

    > > I'd be surprised if there were not tools already out there for this
    > > but, with a simple bit of scripting you could use fdisk to find out
    > > the filesystem type and using mount, ls and grep you should be able
    > > to get a good idea of the OS in use. You could even use a hashing
    > > algorithm to check file versions and hence work out what OS version
    > > is in use.
    > >
    > > Would that be any use to you?

    >
    > I'm using a few of the sleuthkit tools but I'm not that keen on having
    > to mount basically every partition node under /dev. Just hoping
    > someone knew of a tool that already has the OS identification
    > functionality that works on /dev block devices/dd images etc etc.


    You will be searching forever. Script it yourself, it's easy. Just
    mount the partition with '-t auto', and check some files' hash values,
    as Bogwitch already suggested. An appropriate shell script should not
    exceed 15 lines. You will find the '-c' option to 'sha1sum'
    particularly useful.

    However, this is not a security related problem.


    Regards,
    E.S.
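
The approach suggested in the replies above (mount each partition read-only with '-t auto', then verify known files with 'sha1sum -c'), written out as an added example that is not part of the original thread. The function names and the manifest directory layout are assumptions; each argument is a partition node or an image of a single partition.

```sh
#!/bin/sh
# Added example. Assumed layout: MANIFEST_DIR holds one <os-label>.sha1 file
# per OS release, in sha1sum output format, with paths relative to the root of
# that OS's system partition.

# identify_root ROOT MANIFEST_DIR
# Prints the label of the first manifest whose files all verify under ROOT.
identify_root() {
    root=$1
    manifests=$(cd "$2" && pwd) || return 2   # absolute path; we cd below
    for m in "$manifests"/*.sha1; do
        [ -f "$m" ] || continue
        # sha1sum -c resolves the manifest's relative paths from the cwd and
        # fails if any listed file is missing or has a different hash.
        if (cd "$root" && sha1sum -c "$m") >/dev/null 2>&1; then
            basename "$m" .sha1
            return 0
        fi
    done
    return 1
}

# probe_device DEVICE_OR_IMAGE MANIFEST_DIR   (needs root for mount)
# Prints "<device><TAB><label|unknown|unmountable>".
probe_device() {
    dev=$1
    mnt=$(mktemp -d) || return 2
    opts=ro,noexec,nosuid,nodev
    [ -f "$dev" ] && opts="$opts,loop"        # dd image rather than a block device
    # A read-only mount can still replay an ext3/ext4 journal; work on a copy
    # of the image when the original must stay bit-identical.
    if mount -t auto -o "$opts" "$dev" "$mnt" 2>/dev/null; then
        os=$(identify_root "$mnt" "$2") || os=unknown
        umount "$mnt"
    else
        os=unmountable
    fi
    rmdir "$mnt"
    printf '%s\t%s\n' "$dev" "$os"
}

# Usage: sh probe.sh MANIFEST_DIR DEVICE_OR_IMAGE...
if [ "$#" -ge 2 ]; then
    dir=$1
    shift
    for d in "$@"; do probe_device "$d" "$dir"; done
fi
```

Manifests are built once from known-good reference installs by running `sha1sum` on a few version-specific files from the root of each system partition.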
