def _get_computer_name(self, reg: RegistryHive): names = [] for subkey_path in reg.get_control_sets( r'Control\ComputerName\ComputerName'): subkey = reg.get_key(subkey_path) try: names.append({ 'name': subkey.get_value('ComputerName'), 'timestamp': Time.change_output_date_format_from_epoch( subkey.header.last_modified) }) except RegistryValueNotFoundException as ex: continue return names
def _get_usbstorage(self, reg: RegistryHive): usbs = [] try: for subkey_path in reg.get_control_sets(r'Enum\USBSTOR'): subkey = reg.get_key(subkey_path) for usb in subkey.iter_subkeys(): usbs.append({ 'device': usb.name, 'timestamp': Time.change_output_date_format_from_epoch( usb.header.last_modified) }) except: return None return usbs