Archive for the ‘Software’ Category


Linux Computer Forensics: Deft Linux 8.0b

08/07/2013

Deft Linux 8.0b is out and it’s looking great.

A month or so ago I did a walk-through of some simple computer forensics using Deft 7 Linux (Carve and Sift: My Primer to Linux Computer Forensics). There have been several other versions of this distro to come out since then, but now that the beta for 8.0b has been released publicly, it marks a slight shift in the way Deft handles.

While my previous guide is still valid, there are a few additions that really place this version above its predecessors. Now, I’m not going to go through every change, you can do that by going to their website, but there are some really neat features that I’d like to point out.

New Feel

The first thing that will hit you when you start Deft 8.0b is the new layout. While the base operating system is still Ubuntu (Lubuntu to be precise) the LXDE desktop has been further customized from its 7.x version and now looks and feels like its own OS rather than a 1-off from an Ubuntu derivative. The menu is themed for Deft 8.0 with a little 8-ball and more icons have been added to the bottom panel.

The Desktop is more reserved and better organized.

[Screenshot of Deft 7]

The desktop still has the LXTerminal (a must) and the evidence folder, but gone is the “Install” option. Since this is a beta version it is unclear whether this is gone forever or if it will be back later. 8.0b is certainly installable as the boot menu attests.

Guymager, a very nice disk managing/imaging tool, has been added as well as the file manager for quick access. You’ll see in my screenshots that there is a “Get Screenshot” icon on the desktop, but that was added by me for this article and is not default.

The menu panel is almost entirely new, with only LxKeyMap being carried over with the standard desktop selector. A whole host of software has been moved in, some of it from previous versions of Deft where it was housed in the menu (like Autopsy) or on the command line. All in all this is a good move, as the most-used programs are put front and center and the more specialist and less-used ones are in the easily navigable menus.

New Software

Guymager is a welcome addition to Deft 8.

Deft 8.0b brings a lot of new software to the distro by default and the latest versions of most of it. This version is 64-bit only, and able to work in up to 256TB of RAM. Previous versions could only “see” 4GB because of the 32-bit limitation.

Again, their post on the update gives a broader view of the changes, but there are a few that I wanted to note in summary:

  • Cyclone is now at 0.2 and appears to be mostly the same as before. I’m assuming the changes are back-end.
  • Sleuthkit 4.0 stable is now included, but the Deft devs say that 4.1 will be on the official 8.0 release. [Website]
  • Guymager 0.7.1, mentioned before, is a very nice forensics tool/disk mounting utility. [Website]
  • Tor is now available pre-installed with browser. I’ve not much use for this, but it is an increasingly-popular internet-access method. [Website]

Skype Xtractor is also new and is probably my favorite addition to Deft 8. While I’m not a criminal investigator, and I’m generally only using the distro for file-recovery, its future utility could be invaluable. Skype Xtractor is a command-line program that extracts the tables from Skype’s main.db and chatsync files and outputs them to html. So far, you can only get it on Deft 8, but it’s so useful I can’t imagine that it won’t show up elsewhere.

New Everything Else

SciTE is a recently added text editor and is the sole resident of the new Programming menu.

Almost every other piece of software has gotten an update since Deft 7 and some have been given GUI front-ends, which is nice for beginners or those not terribly familiar with Linux command-line. The focus on 64-bit architectures with this version will mean that it probably won’t supplant my use of Deft 7 completely; there are quite a few machines in use out there that are single-core systems.

If you’re familiar with Deft 7, then I’d recommend getting 8 and using it on your 64-bit machines when able, since everything that was in the previous version is in this one (even though it’s beta) and better. Switch back to 7 only if you have to do so. However, if you’re new to computer forensics then I’d recommend sticking to 7 or waiting for the official Deft 8 release which should be very soon.

-CJ Julius


Syncing Between Linux and Windows with BitTorrent

28/06/2013

Skip the insecure Cloud with BitTorrent Sync

I’ve always been a DIY kind of guy when it came to technology, and the idea of giving my data to cloud services such as Dropbox or Box.com (and whoever has access to that data besides them) seemed a little iffy. The cloud, as great as it is for some things, isn’t really built for too much security. Keeping data private on an internal system is hard enough, but throwing it out to the internet only multiplies these issues.

That’s where BitTorrent Sync comes in. Built by BitTorrent Labs (and using the BitTorrent Protocol), this solution boasts that it will allow you to sync between different OSes, securely, and without throwing any of it out to the cloud. This increases security incredibly, and isn’t that hard to set up. I put it on my Linux laptop (Stu) and a Windows 8 desktop (Zer0), both of which I’ve used in previous projects. It works, but it has a few caveats as you’ll see below.

Installation on Linux

Linux installation is fairly easy, if a bit obtuse. Instead of an installer of any kind, the package for BitTorrent Sync comes with a License.txt file and a single btsync binary. To start up the software, simply unpack it, navigate to the containing folder in a terminal and run the ./btsync command. That’s it.

$ cd /Location/of/File
$ ./btsync
The Linux binary can be configured through the webGUI (kinda) or the more robust sync.conf file.

However, unlike its Windows and MacOS brethren, there’s no independent GUI to use. You’ll need to open a browser and head to a webpage to administer it. In most cases you can use the address 127.0.0.1:8888.

From there you can select the folder you want to sync as well as generate a secret key for said location. The key is to allow other computers on your network to access the folder securely. Barring any conflicting firewall settings on your local machine, this should just be a matter of putting in the secret when you add a folder.

If you need the key from a folder you’ve set up previously, you can get it again from the gear icon next to the listing in BitTorrent Sync. Also, if you head to the Advanced tab you can grab a “Read-Only” secret. If you use this key when setting up another computer, it will read from the folder but never write to it. This is useful if you want the updates to go only one way or you want to give someone the ability to see what’s on your machine without running the risk of them deleting or altering the files.

Installation on Windows

Next, I went to Zer0, my Windows machine, and installed the software. From what I understand, the Windows and MacOS versions are pretty much the same, so other than the intricacies of the Mac platform the installation and use should be very similar.

The Windows application is a little plain, but gets the job done.

After running the installer, you’ll be presented with a page that has several tabs. Go to the “Shared Folders” tab and click on “Add”. Put in the secret from the share that we want to access and click “Okay”. It should have all the information it needs to connect and start syncing. Mine did it automatically and pulled the four or so test files with no further work on my part.

You can also add a local folder and sync it here. By default it’s the btsync folder in your Documents directory. I just left this as it is for my testing purposes.

Tweaking the System

Now that it’s set up, you can do a few more things to shape it to your preferences. As you may have noticed, you can add any number of folders to sync at no cost, unlike most cloud services. So if your primary concern is just moving files back and forth behind the scenes (as I do) then that’s probably this setup’s greatest strength beyond security.

There are further options as well that fall into the more advanced users’ category. On the Preferences page in both the Linux WebGUI and the Windows application, you can set rate limits, alter whether the software loads at boot and some other odds and ends. In the Advanced section, you can do even more. Here’s a quick rundown of these options:

The conf file has pretty good explanations for every editable line

disk_low_priority: If True, BitTorrent Sync will set itself to Low Priority on the system. Turn this on if you’re noticing serious speed problems when using BitTorrent Sync.

lan_encrypt_data: If True, BitTorrent Sync will encrypt data sent over the local network. Turn this on if you want to hide your traffic from others who may be using the same network as you.

lan_use_tcp: If True, BitTorrent Sync will use TCP instead of UDP for local transfers. Will use more bandwidth but will be (at least theoretically) more reliable.

rate_limit_local_peers: If True, BitTorrent Sync will apply rate limits (set in General Preferences) to local users. By default rate limits are only applied to external peers (those not on your network).

In Linux, these options as well as a few others are all stored in the configuration of btsync. You’ll need to go to the folder that you have btsync running in to access it. First, you’ll probably want to output a sample configuration and open it in a text editor to see all options you have. There are quite a few.

$ ./btsync --dump-sample-config > sync.conf
$ gedit sync.conf

It’s pretty self-explanatory, but I want to direct your attention to the username/password fields. Remember that webpage we went to earlier to set up the shared folder on Linux? Well, it’s actually hosted from your machine, meaning that anyone who has access to the network can pull up your BitTorrent Sync options and mess with them. So it might behoove you to set this option.

Once you’ve organized things the way you want them in your sync.conf file, save it. Now, you can import it back into the BitTorrent Sync application by running btsync with the modified conf file as such:

$ ./btsync --config sync.conf
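
One way to check an edited sync.conf before loading it, as an added example that is not part of the original post or the BitTorrent Sync package. It assumes the web UI settings sit in a "webui" block with "listen", "login" and "password" keys, one per line; the key names, the clear-text password and the sample file are assumptions, since the post only mentions "username/password fields".

```shell
#!/bin/sh
# Added example: audit the web UI settings in a btsync sync.conf.
# Assumed layout: a "webui" block with "listen", "login" and "password"
# keys, each on its own line. The config may contain // and /* */ comments.

# webui_field CONF KEY -> prints the string value of KEY inside the webui block
webui_field() {
    awk -v key="\"$2\"" '
        /\/\*/ { in_comment = 1 }                  # skip /* ... */ blocks
        in_comment { if ($0 ~ /\*\//) in_comment = 0; next }
        { sub(/\/\/.*/, "") }                      # drop // comments
        /"webui"/ { in_ui = 1; next }
        in_ui && /}/ { in_ui = 0 }
        in_ui && index($0, key) {
            v = $0
            sub(/^[^:]*:[ \t]*"/, "", v)           # remove key, colon, opening quote
            sub(/".*$/, "", v)                     # remove closing quote and the rest
            print v
            exit
        }
    ' "$1"
}

# audit_webui CONF
# Prints one line per finding. Returns 0 if clean, 1 if there are findings,
# 2 if CONF cannot be read.
audit_webui() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    listen=$(webui_field "$conf" listen)
    login=$(webui_field "$conf" login)
    password=$(webui_field "$conf" password)
    findings=0

    # No listen value found in the webui block: nothing to audit here.
    [ -n "$listen" ] || return 0

    # Anything other than a loopback bind is reachable from the network.
    case ${listen%:*} in
        127.0.0.1|localhost) exposed=no ;;
        *) exposed=yes ;;
    esac
    if [ "$exposed" = yes ] && { [ -z "$login" ] || [ -z "$password" ]; }; then
        echo "webui listens on $listen with no login/password set"
        findings=1
    fi

    # Assumption: the password is stored in the file as typed, so the file
    # should be readable by its owner only.
    if [ -n "$password" ]; then
        mode=$(ls -ld -- "$conf" | cut -c1-10)
        case $mode in
            ????r?????|???????r??)
                echo "$conf holds a password but is readable by group/others ($mode)"
                findings=1 ;;
        esac
    fi
    return "$findings"
}

# Constructed sample config (not taken from a real machine).
sample=$(mktemp)
cat > "$sample" <<'EOF'
{
  "device_name" : "Stu",
  /* web UI settings */
  "webui" :
  {
    "listen" : "0.0.0.0:8888"   // every interface, no credentials
  }
}
EOF
audit_webui "$sample" || true
rm -f "$sample"
```
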

Worth the Effort?

And that’s pretty much the ins-and-outs of the BitTorrent Sync application. I imagine that I’ll be using this not as my primary software to sync things between machines or as backups, but I will have it move files and folders from one machine to another periodically. Perhaps one could set up a backup drive on a server that just copies one way from all the machines that are linked to it. I imagine that could be a project for a different day.

On the whole this is a nice piece of software that pretty much does what it says it’s going to do, and securely. I know it’s Linux, but the lack of a real GUI and the complication of editing advanced options by way of the .conf file is kind of a downer. I’m totally fine with using the command line (in some cases I prefer it), but that drags down the score a bit on this one because it’s not very user friendly. Still, a fine piece of software that I will definitely be utilizing in the future.

Rating: 4.5/5 – Pretty darn good. However, the Linux version takes a little work to get customized and the Windows/MacOS advanced pages are a little confusing at first.

-CJ Julius


Setting Up a Raspberry Pi with Ubuntu

17/05/2013

I had been putting off posting about this project until I had gotten RaspBMC to work, as that was step two, but it looks like the problem I need to be resolved is going to be a little while coming. So, I’m going to come back later and put an update if I get it running correctly. Either way, the Raspbian (the Debian Wheezy Raspberry Pi distro) setup is pretty clear and the same for every model of Raspberry Pi.

Here is the hardware that I’m working with:

  • Raspberry Pi Model B
  • Logitech USB Wireless Mouse Keyboard combo
  • 4GB SDHC Class 10 Memory Card
  • Edimax USB wireless adaptor
  • 4GB USB stick (for extra storage)
  • Gearhead Passive USB hub
  • USB 1.0A power adapter and Micro USB cable

Raspberry Pi Model B with SD card and wireless adapter inserted.

I did this all in Ubuntu 12.04, so my work will be related to that OS; though commands are pretty similar across many distributions. Also, I have an SD card slot in my laptop, which means I did not need an adaptor to access the card directly.

The first step is to get the image on the card. I snapped in the card, it mounted and I went to the disk utility to find out where it had put it (in the system). It was mounted at /dev/mmcblk0. Once I knew that, I was ready to go get the Raspbian OS.

You can get the latest image off of Raspberrypi.org’s downloads page. I’d recommend the straight Raspberry Pi Wheezy image, as the “soft float” one is slow, and the others are more for advanced users that want to do very specific things.

Raspberry Pi booting for the first time

In any case, once I had it downloaded I checked the SHA1 sum, because we’d hate to have a corrupted image from the word go. If you’re unfamiliar with SHA1, it’s simply a method of verifying file integrity. Quite basically, an algorithm computes a fixed-length number (a hash) from a file’s contents, and that number can be checked against the one computed from a copy of the file to make sure the copy is in good condition. In a terminal, in the folder that I downloaded the file into, you run the command:

sha1sum 2013-02-09-wheezy-raspbian.zip

And you’ll get an output that looks something like the string listed on the downloads page. In my case, I was looking for the following: b4375dc9d140e6e48e0406f96dead3601fac6c81

Then, I just opened the archive and drag/dropped the file into a folder I had created previously, and returned to terminal. We’re going to be using the dd command to copy the extracted image (input file) to the card (output file). We’ll set the block size to 4M and need to be superuser to do this. My command was:

sudo dd bs=4M if=2013-02-09-wheezy-raspbian.img of=/dev/mmcblk0

Raspberry Pi Wheezy default Desktop

Once it was done, I unmounted my card and slapped it in my Raspberry Pi for boot. On first boot you’ll get a lot of options. I’m not going to go through them one by one, as it’s pretty clear what each one is. The two I want to point you to however, are the expand rootfs and the memory split.

Expand rootfs is necessary if you have, like me, a larger than 2GB SD card. This opens up the rest of your card to be used by the system, so you have more storage space for your OS.

The memory split is important because the Raspberry Pi has a unified memory structure, meaning that it has one unified “bank” of memory that it divides towards certain tasks. If you’re going to be doing processor-heavy tasks like number crunching or multiple cron jobs, then you might want to push this towards the system memory side. However, if you intend to be using a lot of the graphical features, then you might want to lean towards the GPU.

My Raspberry Pi as I use it now.

The system is installed and ready to go. If you hit a command-line on boot, use startx to start the X Windows system (the GUI), and that’s it. I spent a good few hours customizing it, changing the wallpaper and such, but also removing and adding some software from the system to make it more useful to me, but that’s the basic setup.

I’ll come back at a later date if I get RaspBMC working, but as of right now it forgets that I have a mouse and keyboard attached to it, and there isn’t a simple solution that works so far. Everything works in Raspbian, and I’ve got quite a few things that I want to do in that, including Python that I mentioned in a previous post.

-CJ Julius


AirDroid: Android File Transfer Made Easy

06/05/2013
In Direct Connect Mode, you don’t need to log in and only get access to the “lite” features.

I have a bad time with MicroSD memory cards. Seriously, I have destroyed two of them in the past six months. I’d like to think that it’s because of a manufacturing defect, but I’m pretty sure it’s just my inherent clumsiness.

See, my tablet, a Galaxy Note 10.1, uses this type of storage and I spend a lot of time moving things to and from it. It’s usually large files or huge blocks of small files so it takes quite a lot of time unless I put the card itself into an adaptor and plug it into my computer. Even the USB linking ability through the port on the tablet is painfully slow and sometimes just plain doesn’t work.

Emailing the files was sometimes the solution, but was impractical for larger files. Sometimes I could transfer through a USB stick, but that too was cumbersome. A few programs existed that allowed transfer between a computer and the device over Wifi, but most of them were lacking in some key respect, or didn’t function as I needed. Then I found AirDroid.

AirDroid is not exactly new to the scene, and in fact when I actually broke down and started searching for a solution to my problem, it was the first one to pop up. So I grabbed the “light” version and was throwing things to and from my tablet within minutes. All you need to do is grant it superuser permissions (so it can read/write/get updates) and sign up for the service (if you want to use the optional web version).

The GUI is very nice looking and offers a wide range of tools.

The app has two ways of connecting to your tablet, both of which involve configuring your tablet to act as a kind of file server. The first of these is to directly connect to your tablet over your current Wifi by pointing your browser to a specific IP and port (usually [Local IP Here]:8888). Then, through the gorgeous GUI, you can add/remove files, contacts, ringtones (if it’s an Android phone of course) as well as just about anything else that resides on your device.

The second way is similar to the first, except that you go through the AirDroid website (web.airdroid.com) to transfer files. This is useful if your tablet/phone is at home and you need to get something off of it. Assuming that your AirDroid app is running and connected, you can grab your files from literally anywhere in the world. There is a 1GB transfer limit on this function if you’re using the free version, though. So keep that in mind if you’re trying to pull a movie or something from your device.

If you want to grab an entire directory, you can get everything as one .ZIP file

Both of these look identical, in that the web interface is the same for both. The GUI has a multitasking feature, letting you add/remove files at the same time while checking your notifications and anything else you have the bandwidth for, as well as stats on your device like its battery life and storage capacity.

AirDroid did not crash or hang the entire time I used it no matter how much stress I put it under. I was transferring several Gigabytes of files to and from it while poking around in my contacts and looking at photos. Also, I run my tablet through an SSL VPN and didn’t have any troubles from that setup either.

On the whole this is a brilliant piece of software and an absolute must-have for any Android user who moves a lot of data around their mobile devices, which is probably everyone. AirDroid2 should be coming soon to my device and I am definitely looking forward to that.

Rating: 5/5 – Absolutely Perfect. You need this app.

-CJ Julius


Chrome’s Office Beta Was Not Meant For Me

29/04/2013
Google Office Viewer Beta doesn’t work on Windows 8

I tweeted the other day about Google’s new Chrome Office Viewer Extension (COVE?) that was in beta. It would allow users to see Office documents (as in the Microsoft kind) right in their web browser window. I excitedly talked about how it may move me to Chrome, because I do open a lot of web-hosted word processing documents. It sounded exciting!

Moving from one browser to another would be a herculean task for me, but I was willing to do it for such a neat feature, if it worked as advertised. While importing bookmarks is no big deal, moving my encrypted passwords (some to sites that I don’t even remember I used) and tying a Google account to it are not something that I particularly wanted. But I was willing to give it a try.

…it also doesn’t work on Ubuntu Linux.

I downloaded Chrome on my laptop and desktop and set about getting the extension. However, I have been unable to get the extension to install. Google has disabled it for the two operating systems I use the most: Windows 8 and Ubuntu Linux. I even tried launching Google Chrome in Windows 8 Mode, but to no avail. While this is beta, I can’t be the only one who uses these two OSes, or just one of them exclusively.

This left me rather disappointed and solidified me more into the Firefox camp, where all my stuff resides anyway. Maybe I’ll keep Chrome around for a bit longer just to see what’s changed since I’ve last used it, or wait until the Office Viewer gets a proper release, but Firefox is still sitting pretty in my book. I’ll stay there and possibly try again when this comes out of Beta.

-CJ Julius


Bitcoins, Mobile Digital Vaults and Google Fiber (2013.04.26)

26/04/2013

As this blog is an ongoing venture, occasionally I will want to update previous entries or projects. New information is gathered, projects evolve and, in general, things change. Also, I’ve found that updates don’t work so well on old posts because few people bookmark them and then come back later. To combat this, every once in a while I will be giving updates in rapid fire about previous entries. Those posts will be automatically updated via “pingback” in the comments section, so if you actually do bookmark them, then you’ll get notified that way.

Without further ado:

Bitcoins

Even the experts don’t know if Bitcoin is economically viable.

On April 11, 2013, Bitcoin Exchange Halted Trades in order to bring down the price of the coins. They also released a statement denying the bubble and assuring everyone that it was a solid currency. Whether it is or not remains to be seen as it has had its share of detractors and the largest U.S. exchange shut down following the big hype. As stated in my previous post, no matter how it turns out, it’s a fascinating convergence of technology and economics, much in line with the computerized traders on the stock market today. While I’m still extremely skeptical, I’m secretly rooting for an all-digital currency.

Mobile Digital Vaults

A little cumbersome, but you can read your EXT drives.

My last project involved taking an old 500GB SATA drive, using TrueCrypt and a snazzy drive enclosure to turn it into a mobile digital vault. This was largely successful, although I could not get Windows to format a large enough partition for some reason. This led to me formatting the virtual drive into EXT4, which meant that I could not read it on Windows. I don’t use Windows that much, so that was not a big deal, however I wanted to see if I could find a method that would let me do so.

The blue light on the front indicates drive access.

I mentioned that I used a piece of software called EXT2READ which I found out later did not work. When I tested it prior to writing the article, I found that I was able to read the drive, though some days after when I tried to copy a .DOCX file from an EXT3 partition to my NTFS Windows drive, the file was corrupted and unreadable. So, I tried another piece of software by DiskInternals to read EXT2/3/4 drives and it worked flawlessly, seeing the newly mounted TrueCrypt drive and letting me access it.

Also, I got another drive enclosure, the Nexstar3 by Vantec to house another 250GB SATA drive. The only major difference between the two is that the NexStar3 does not have a fan built in thus making it significantly smaller. It also requires two different sized screwdrivers to get your drive in, which I thought was odd, but otherwise it seems to be a solid piece of equipment. This drive is a little more “mobile” than the other so I’ve moved all of my encrypted drives that I want to take with me over to this one making the Rosewill enclosure largely stationary on my desktop.

Google Fiber

Google Fiber is stirring up some dust in Austin

AT&T is feeling threatened by Google Fiber and has launched a counter-offensive aimed at bringing fiber to mainstream consumers in Austin. Some have argued that this is just posturing, but that they even bothered to acknowledge Google’s plans means that they’re taking the move towards a fiber infrastructure seriously to some degree. On the heels of this announcement came Time Warner Cable’s decision to wire Austin for WiFi. Austin, Texas is going to be one of the most internet-connected cities in the U.S. at this rate.

Again, as I said in the last post, there is no bad news.

Future Projects

I have several new projects lined up for the next month, a few which are already underway. First of all, I need to take a 1TB (terabyte) hard drive and resurrect some files that got deleted from it. I will probably be using Deft Linux for this, which should be interesting. I’ve only “carved and sifted” once before.

Also, I got my Raspberry Pi up and going, which was interesting in and of itself, but I’m thinking that I’ll drop Wheezy and move toward XBMC. I had hoped to stream video from my Windows shared drive and onto my TV. We’ll see how that goes.

Lastly, I want to do a longer Wednesday post about Security on the Internet. The utilities I use to keep myself secure might be interesting to others out there. The use of VPNs, two step authentication and software to obscure passwords will be some of the pieces I’ll touch upon.

-CJ Julius


Sherpa, A New Challenger to Siri

19/04/2013
You can put a widget on your home screen for easy access.

I’ve used Siri a bit, and not to say that it isn’t an impressive piece of software, but it didn’t really wow me like I thought it would. It (she?) had the problem of misinterpreting what I said, or in some cases being very confused as to the nature of my request. I speak in a relatively clear North American accent, and am usually regarded as having a clear speaking voice, but these assistants sometimes have trouble getting me.

This is a problem, not just because it’s annoying when I want a “map of Ho Chi Minh” and instead get directed to a “map of coaching men” (honest-to-goodness result), but because it isn’t reliable enough to be useful. If it takes me just as long to open up my quick apps and find it on Google Maps myself, then I might as well not even use the assistant.

Sherpa is a new product along these lines released by a Spain-based company of the same name. It’s still in beta, so I’m cutting it some slack, but it, like all of its Siri kin, isn’t something I can use regularly.

On the left is where commands, as they’re understood, are listed, and on the right is a work area where the browser, notifications, etc. show up.

It gets very confused on simple things like open [name of app], and sometimes misinterprets what I say. For example, “Open Google Play” should open the Play Store. It does not. For some strange reason, Sherpa googles Google Play in Firefox (my default browser). It’s just not reliable enough to do all of the cool things it should be able to do.

Sherpa may have a long time to go before hitting a final release, so this could be a really early preview version, even if it was released to the public in the Play Store. However, it seems to me to hit all the bumps in the road that current Digital Assistants do, and in doing so, fails to be something that I can regard as much more than a toy for amusement. I’ll probably keep the app installed, just to see where it goes, as it’s the most promising Digital Assistant I’ve seen outside of Siri.

Rating: 2/5 – Lots of promise, but still not useful. Note: In Beta

If you want to know more, here’s a quick article about the new release:

From Gigaom:

A new voice digital assistant is on the scene in the U.S., but unlike other Siri-challengers Sherpa comes with some overseas work experience. Sherpa launched its Spanish-language Android app in October and has since risen up the Google Play charts in Spain and Latin America. Sherpa has now learned English, and on Wednesday it launched in the U.S. in the Play store.

Most virtual assistants powered by natural language processing are taught to do specific tasks very well but tend to come up short when given unfamiliar assignments. For instance, Siri excels at jobs like making calendar appointments and dictating text messages but can be confounded by more general requests for information, usually resorting to simple web searches.

Read More…

-CJ Julius