
Basic for loops

Thursday, October 25th, 2012

One of the first things anyone taking the leap into programming is going to learn is the ever-present, ever-useful for loop. One of the reasons a for loop is so useful is that it implements exactly what computers do best and what people do worst: tedious, repetitive tasks. Imagine having to grab a specific piece of data from 100 different vCards or manually update 1000 rows in someone's SQL database. Not fun, and that's where for loops come in, giving you the ability to program a specific set of tasks and then let your computer crunch away at the numbers while you relax and sip your favourite coffee product. It's like the old saying goes, laziness is the mother of efficiency, and a good for loop will help you accomplish both of those.

The basic for loop consists of a set of values (either numbers or a set of strings), a temp variable that you use to access the data you're iterating through, and a condition that has to hold for the loop to keep going, so that the loop knows when to stop. It'll probably make more sense with a live example, so look below to get a better understanding.

Here is a basic for loop written in Perl that iterates through a given set of IPs to see which ones are responding.

#!/usr/bin/perl
use strict;
use warnings;

# Declare the current subnet (first three octets, trailing dot included)
my $subnet = "192.168.0.";

# Initialize the temp variable ($var = 1), stop after host number 10 ($var <= 10),
# and add one after each pass ($var++)
for (my $var = 1; $var <= 10; $var++) {
    # Send one ping per IP; the output is discarded, only the exit status matters
    `ping -c 1 $subnet$var`;
    # ping exits 0 when the host replied, so $? == 0 means the host is up
    print "$subnet$var is up\n" if ($? == 0);
}


Digital Forensics – Best Practices

Thursday, September 6th, 2012

Best Practices for Seizing Electronic Evidence

A joint project of the International Association of Chiefs of Police and the United States Secret Service

Recognizing Potential Evidence:

Computers and digital media are increasingly involved in unlawful activities. The computer may be contraband, fruits of the crime, a tool of the offense, or a storage container holding evidence of the offense. Investigation of any criminal activity may produce electronic evidence. Computers and related evidence range from the mainframe computer to the pocket-sized personal data assistant, to the smallest electronic chip storage device. Images, audio, text, and other data on these media can be easily altered or destroyed. It is imperative that investigators recognize, protect, seize and search such devices in accordance with applicable statutes, policies, best practices, and guidelines.

Answers to the following questions will better determine the role of the computer in the crime:

  1. Is the computer contraband or fruits of a crime?
    For example, was the computer software or hardware stolen?
  2. Is the computer system a tool of the offense?
    For example, was the system actively used by the defendant to commit the offense? Were fake IDs or other counterfeit documents prepared using the computer, scanner, or printer?
  3. Is the computer system only incidental to the offense, i.e., being used to store evidence of the offense?
    For example, is a drug dealer maintaining his trafficking records in his computer?
  4. Is the computer system both instrumental to the offense and a storage device for the evidence?
    For example, did the computer hacker use her computer to attack other systems and also use it to store stolen credit card information?

Once the computer’s role is known and understood, the following essential questions should be answered:

  1. Is there probable cause to seize the hardware?
  2. Is there probable cause to seize the software?
  3. Is there probable cause to seize the data?
  4. Where will this search be conducted?
    For example, is it practical to search the computer system on site or must the examination be conducted at a field office or lab?
    If law enforcement officers remove the computer system from the premises to conduct the search, must they return the computer system, or copies of the seized data, to its owner/user before trial?
    Considering the incredible storage capacities of computers, how will experts search this data in an efficient and timely manner?

Preparing For The Search and/or Seizure

Using evidence obtained from a computer in a legal proceeding requires:

  1. Probable cause for issuance of a warrant or an exception to the warrant requirement.
    CAUTION: If you encounter potential evidence that may be outside of the scope of your existing warrant or legal authority, contact your agency’s legal advisor or the prosecutor as an additional warrant may be necessary.
  2. Use of appropriate collection techniques so as not to alter or destroy evidence.
  3. Forensic examination of the system completed by trained personnel in a speedy fashion, with expert testimony available at trial.

Conducting The Search and/or Seizure

Once the computer's role is understood and all legal requirements are fulfilled:

1. Secure The Scene

  • Officer Safety is Paramount.
  • Preserve Area for Potential Fingerprints.
  • Immediately Restrict Access to Computers/Systems; Isolate from Phone, Network, as well as Internet, because data can be accessed remotely on the system in question.

2. Secure The Computer As Evidence

  • If the computer is powered “OFF”, DO NOT TURN IT ON, under any circumstances!
  • If the computer is still powered “ON”…

Stand-alone computer (non-networked):

  1. Photograph the screen, then disconnect all power sources: unplug from the back of the computer first, and then from the outlet. The system may be connected to a UPS, which would prevent it from shutting off if only the wall plug is pulled.
  2. Place evidence tape over each drive slot.
  3. Photograph/Diagram and label back of computer components with existing connections.
  4. Label all connectors/cable ends to allow for reassembly, as needed.
  5. If transport is required, package components and transport/store components always as fragile cargo.
  6. Keep away from magnets, radio transmitters, and otherwise hostile environments.

Networked or Business Computers: Consult a Computer Specialist for Further Assistance!

Pulling the plug on a networked computer could:

  1. Severely damage the system.
  2. Disrupt legitimate business.
  3. Create liability for investigators or law enforcement personnel.


DISCLOSURE:
THIS TECH JOURNAL ENTRY BY 318, INC. IS FOR REFERENCE ONLY.
THIS DOCUMENT SHOULD NOT BE USED VERBATIM TO CONDUCT ACTIVE FORENSIC INVESTIGATIONS NOR BE USED AS A LEGAL PRECEDENT OR REPLACEMENT FOR ESTABLISHED FORENSIC PRACTICES ESTABLISHED IN YOUR JURISDICTION. PLEASE FOLLOW PROPER LEGAL AND FORENSIC INVESTIGATION PROCEDURES AS ESTABLISHED BY YOUR CITY, COUNTY, AND STATE!
318, INC. SHALL NOT BE HELD LIABLE. USE OF THIS DOCUMENT IS AT YOUR OWN RISK!

Test-Driven Sysadmin with a Russo-Australian Accent

Friday, March 16th, 2012

One of the jokes in the Computer Science field goes like this: there are only 2 hard problems: cache invalidation, naming things, and off-by-one errors. Please do pardon the pun.

Besides the proclivity to name things strangely in the tech community, we often latch on to acronyms and terms that show our pride in being proficient with cutting-edge (or obscure) concepts. As with fashion, there is an ebb and flow to what's new, but one thing that is here to stay is tests for code, exemplified by the concept of TDD, or Test-Driven Development. When you work with complex systems, dependencies can become a fragile house of cards, but here's another take on that concept: "here in Australia, 'babushka doll' is the colloquial term for Russian nesting dolls. Deps" (short for dependencies) "are intended to be small, tidy chunks of code, nested within each other – hence the name".

Babushka is the name of a tool, for Mac OS X and Linux, that tests for the software or settings your system relies on, and if something isn't present, it goes about changing that for you. Its claim of "no job too small" hints at how atomic and for-mere-mortals the tool was made to be. Compared to configuration management tools like Puppet and Chef, which are also written in Ruby, it is much more humble, with a proportionally smaller community. The larger tools strive to deliver the 'holy trinity' of a package, a configuration file, and a service (gathered in modules in Puppet parlance or recipes in Chef). Babushka can just deliver the package and lets you build from there.

It was originally released a few years ago, and has recently been refreshed with new capabilities and approachable, comprehensive documentation. Unlike centralized business systems that require curation to take into account things like volume licensing, Babushka can let you reach right out to publicly available freeware. For developers it affords more conveniences like the command line tools that used to require Xcode, package managers like homebrew, and support for Ubuntu’s standard package manager as well.

Git and Github.com both play a big part in Babushka, and not just because Git is the version control system it uses and Github is the site it can be downloaded from. If you decide you'd like to use someone else's 'Deps' to set up your workstation, there is a simplified syntax to specify a user on Github whose repository you'd like to work out of, and you can now also search across Github for all of the repositories Babushka knows about.

One way of getting started super fast is just running this simple command: bash -c "`curl babushka.me/up`"

Now, installing via this method is not the most secure, since it runs whatever the server returns without you seeing it first, but you can audit the code since it is open source and make your own assurances that your network communication is secure before using it. For example, you can look at the creator's deps or your humble author's.
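As an added example (not Babushka's own code, and not from the original post), this is the audit-first way to run that one-liner: fetch the script to a file, check it against a SHA-256 digest you obtained out of band, read it, and only then execute it. The function names are assumptions made here, and the digest is a placeholder you replace with the one you verified yourself.

```shell
#!/bin/sh
# Safer alternative to: bash -c "`curl babushka.me/up`"
# Instead of piping an unseen script into a shell, download it, verify it,
# read it, then run it. Helper names are assumptions for this example.

# SHA-256 of a file, portable across Linux (sha256sum) and macOS (shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only when the file's digest equals the expected value.
verify_script() {
    file=$1
    expected=$2
    actual=$(sha256_of "$file") || return 1
    [ "$actual" = "$expected" ]
}

# Download to a temp file, verify, page through it, then run it.
# Usage: fetch_verify_run https://babushka.me/up <sha256 obtained out of band>
fetch_verify_run() {
    url=$1
    expected=$2
    tmp=$(mktemp) || return 1
    # -f fails on HTTP errors, -sS is quiet except for errors, -L follows redirects
    curl -fsSL "$url" -o "$tmp" || { rm -f "$tmp"; return 1; }
    if ! verify_script "$tmp" "$expected"; then
        echo "digest mismatch for $url, refusing to run it" >&2
        rm -f "$tmp"
        return 1
    fi
    ${PAGER:-less} "$tmp"   # read what is about to run with your privileges
    sh "$tmp"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# PLACEHOLDER digest: replace with the value you verified yourself.
# fetch_verify_run https://babushka.me/up 0000000000000000000000000000000000000000000000000000000000000000
```

The mismatch branch is the whole point: a script that was tampered with in transit or changed on the server since you audited it never reaches the interpreter.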

Background Checks? There’s an App for That!

Thursday, December 24th, 2009

Apple’s App store is a veritable wild west movie of products; business, pleasure, pleasure disguised to look like business, useful tools that are free and do-nothing apps that cost $999.99.

Beenverified.com has released a "free" app that allows you to run background checks right from your iPhone. While this isn't a new idea, the app is well designed and you get three free searches a week. Since it's just been released, you can only run one search at a time due to high server demand, but the searches are accurate and in-depth. It was able to produce not only basic information about those of us that have tried it, but also gave complete histories of houses, including past owners, past occupants and the house's current market value, amongst other things!

Sherlock – The Forgotten Mac Program

Monday, February 26th, 2007

Just last week, I was in the midst of celebrating my birthday. It was more or less a camping trip and, like any true geek, I brought all my techie goodies with me just in case.

I had my laptop, networking/FireWire cables, digital camera, AC inverter (so that my car could charge all my devices), and rechargeable batteries. You name it, I brought it, and they all came in quite handy on the trip too. When I filled my CF card from my new Nikon D70 digital camera, my laptop was there to download the pictures and burn a CD backup just in case. When my camera batteries got low, I used my AC inverter, powered by the car, to charge my batteries, and again, when I needed to check my email, my laptop connected through my cell phone to the net and I was able to stay connected to the outside world. All in all, I was prepared for anything, or so I thought.

As we were driving through Death Valley, miles away from any cell phone reception and further still from any signs of civilization and the technological world, you can imagine how surprised I was when we came upon a broken-down car. I slowed and signaled to the driver, who was waving at me to pull over and help him. When I asked what the matter was, I received the reply, "Non parlo inglese."

After a few minutes of carefully planned gesticulation I learned that my two Italian friends, Mateo #1 and Mateo #2, were on their way to San Francisco when they hit a rock which smashed their oil pan and stranded them. There was an enormous language gap and most of our communications consisted of one-word sentences such as "hungry?" and "hotel?" with the occasional compound three-word sentence as in "what your email address?"

So you may be asking yourself what this little story has to do with technology so here it is: SHERLOCK by APPLE.

Fast forward 3 weeks and I’m home, about to go see a movie. Naturally, I opened up Sherlock to check the movie time and the translation button caught my eye. Translation button? I opened it up and realized that every Mac has a built in language translator ready to go with the 11th option from the top being “English to Italian.”

Here I am, a techno-savvy computer dude, and this most basic feature eluded me for years. If I had known about it 3 weeks ago it would have made our rescue mission just a bit easier and allowed us to get to know our Italian friends a little more. On top of doing language translations, Sherlock can look up movie times with QuickTime previews, stock quotes, picture searching, yellow pages lookups and a lot more.

Sherlock, it’s back in my dock.