usbrip works with non-modified structure of system log files only, so, unfortunately, it won't be able to parse USB history if you change the format of syslogs (with syslog-ng or rsyslog, for example). That's why the timestamps of "Connected" and "Disconnected" fields don't have the year, by the way. Keep that in mind.
If the format of syslogs doesn't change, there should be no issues (or should it be read as "the system logs don't have the year"?)
If you don't have the year, it is not a "full date" in the forensic sense of the term, and you simply cannot present such a result in a Court.
A statement like "A Netac USB device was connected on May 26, presumably in the year 2019, exactly at 00:51:54 and soon after disconnected, exactly at 00:52:21" won't be good.
If it is technically not possible to retrieve the year, then the whole stuff has very little relevance by itself.
It would be needed to create a complete timeline of the system under investigation and correlate the month, day, time with activities that have an objective timestamp including the year.
> or should it be read as "the system logs don't have the year"?
That's the case. RFC 3164, which specifies the log format, is the only one usbrip can read, and it doesn't have an option to specify year.
Well, then the tool has no actual "forensics" use by itself.
It's a pity, of course, but it can only be a tool to confirm findings that have a "proper" timestamp.
Most probably the log consists of "appended" entries, which might mitigate the issue; still, a clear and extended "justification" is needed for the procedure with which the year is "attributed" to the yearless entry for forensics use.
Yes, it is one of the possible decisions, but that would make the tool a bit less portable. When dealing with text logs, you can move them around as well as keep backup storages updating them with new entries.
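The year-attribution idea raised above (entries are appended, so ordering carries information), sketched as an added example; it is not usbrip's code and not from any poster in this thread. It assumes the lines are in append order and that a trusted anchor datetime no earlier than the last entry is available; the function names, the sample lines and the anchor date are constructed for illustration.

```python
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# Constructed sample: RFC 3164 lines in append order, crossing a New Year.
SAMPLE = """\
Dec 30 23:10:02 host kernel: usb 1-1: new high-speed USB device number 2 using xhci_hcd
Dec 31 23:59:40 host kernel: usb 1-1: USB disconnect, device number 2
Jan  1 00:03:11 host kernel: usb 1-2: new high-speed USB device number 3 using xhci_hcd
May 26 00:52:21 host kernel: usb 1-2: USB disconnect, device number 3
"""

def parse_rfc3164(line, year):
    """Parse the 15-character 'Mmm dd hh:mm:ss' prefix with a supplied year."""
    hour, minute, second = map(int, line[7:15].split(":"))
    # datetime() raises ValueError for Feb 29 in a non-leap year.
    return datetime(year, MONTHS[line[:3]], int(line[4:6]), hour, minute, second)

def attribute_years(lines, anchor):
    """Walk backwards from `anchor`, stepping the year down whenever an
    entry would otherwise be later than the entry that follows it."""
    out, upper, year = [], anchor, anchor.year
    for line in reversed(lines):
        for _ in range(8):  # bounded search, also skips non-leap years for Feb 29
            try:
                ts = parse_rfc3164(line, year)
            except ValueError:
                ts = None
            if ts is not None and ts <= upper:
                break
            year -= 1
        else:
            raise ValueError(f"cannot place entry {line[:15]!r}")
        out.append((ts, line[16:]))  # the year in ts is inferred, not recorded
        upper = ts
    return out[::-1]

if __name__ == "__main__":
    # Constructed anchor, e.g. an acquisition time known from another artifact.
    for ts, msg in attribute_years(SAMPLE.splitlines(), datetime(2019, 5, 27)):
        print(ts.isoformat(), "(year inferred)", msg)
```

A gap of a year or more between two consecutive entries, or a clock that was set backwards, is invisible to this procedure, so the inferred years still need corroboration from artifacts that record a full date.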
FYI, I have no idea if I use tabs or spaces in my projects; my IDE is configured to use the popular linting/formatting, so it autoformats using that.
Honest question: when do you hit issues caused by someone else's code not using your favorite style of tabs vs spaces? Is there an editor/IDE that can't autodetect this and work properly, or is there a language that would fail because it is hypersensitive to white space?
Which is why PEP-8, the Python code style guide, enforces 4 spaces. This maintains consistency throughout the community. Also, PyCharm, one of the more popular IDEs for Python, uses 4 spaces by default.
That's not what PEP-8 is for, it was meant to define the style of the standard libraries. A lot of people in the community voluntarily adopted it for their projects, but that wasn't its purpose.
It would be IMHO advisable to use not the name of the month and somehow fit in the line the year.
Note: Small typo: the past of "shut down" is "shut down" and not "shutted down".