3 days ago, I watched an american series (Shase) in which an actor said, during a crime investigation : "I'm going to search into the victim's computer to know what is the last printed document ?
Hum, I said me : "Is it possible or not ?" ... yes, it's possible :)
All is into "/var/spool/cups", with root privileges :
If printers use "Generic PostScript" driver, you can find your printed document in PDF format :) Funny, no ?
To copy these files into your home directory :
bash-3.2# find /var/spool/cups -exec file {} \; | grep -i pdf | cut -d : -f 1 > /tmp/file_pdf.txt
bash-3.2# while read line; do cp "$line" ~/; done < /tmp/file_pdf.txt
So, it's an other information leak for Mac OS X ... :) and I added this exploitation to my "private" forensic framework, Pac4Mac.
Aucun commentaire:
Enregistrer un commentaire