
Monday, 23 May 2016

Digital forensics on an SSD

Recently I was able to listen to a guest lecture by a chap working in the digital forensics field. There were a few interesting things to come out of the lecture. They are, in no particular order:

  • document and timestamp everything you do - it doesn't matter if it's written down, or you use software, but you have to show the steps you went through to reach the conclusions you're putting forward
  • EnCase is an industry favourite software
  • small cases can take you in surprising directions and you can go from a $40,000 fraud case and end up with a $250,000 + fraud case!
  • recovering RAID arrays can be a trick - but you can image each disk and use EnCase to rebuild the array which is pretty neat!
  • you can't carve an SSD to recover data like you would a HDD

That last point is the one I want to mention. On a magnetic hard disk drive (the regular type of drive people have been using) when a file is deleted, it's removed from the File Allocation Table and the computer recognises it as free space, ready to overwrite. It's relatively straightforward to then get that data back - a process I've performed dozens of times to save someone's bacon when they've deleted all their uni work (for example). But on an SSD the process is different.

On a TRIM-enabled SSD (and this is all modern SSDs) the data is removed immediately when you delete it. The OS clears the space for re-use and it's not recoverable. This applies to USB drives as well - any flash media in fact. Once a file is marked for deletion, the operating system erases it completely and then that space is available again. This keeps the SSD running fast. It makes it very hard, if not impossible, to perform data carving (or recovery) on an SSD. Uh oh - that makes life harder for the digital forensic expert!
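The carving point above, as an added example that is not part of the original post: a minimal JPEG signature carver run over two constructed disk images, one modelling a hard disk where the deleted file's sectors are still intact and one modelling an SSD after TRIM. It assumes the discarded sectors read back as zeros, which depends on the drive; the disk layout, `build_disk` and the fake JPEG are all constructed for illustration.

```python
"""Signature carving: unallocated HDD space vs. TRIMmed SSD space.
Every byte of sample data here is constructed for the example."""

JPEG_SOI = b"\xff\xd8\xff"   # start-of-image marker plus first byte of the next marker
JPEG_EOI = b"\xff\xd9"       # end-of-image marker
SECTOR = 512


def carve_jpegs(image, max_size=10 * 1024 * 1024):
    """Return a list of (offset, data) for each header..footer span in a raw image."""
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start == -1:
            break
        # Look for the footer within max_size bytes of the header.
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:
            pos = start + 1          # header with no footer: skip past it
            continue
        end += len(JPEG_EOI)
        found.append((start, image[start:end]))
        pos = end
    return found


def build_disk(deleted_file, trimmed):
    """Build a constructed 16-sector 'disk' whose deleted file lived at sector 4.

    trimmed=False models the hard disk case: the file system no longer
    references the file, but its sectors still hold the old bytes.
    trimmed=True models an SSD after TRIM, under the assumption that reads
    of discarded sectors return zeros.
    """
    disk = bytearray(SECTOR * 16)
    disk[0:SECTOR] = b"LIVE" * (SECTOR // 4)      # allocated data, untouched
    start = 4 * SECTOR
    if not trimmed:
        disk[start:start + len(deleted_file)] = deleted_file
    return bytes(disk)


# Constructed stand-in for a JPEG: real markers around a dummy payload.
FAKE_JPEG = JPEG_SOI + b"\xe0" + b"constructed-payload " * 20 + JPEG_EOI


def demo():
    """Carve both images; return (hdd_hits, ssd_hits)."""
    hdd_hits = carve_jpegs(build_disk(FAKE_JPEG, trimmed=False))
    ssd_hits = carve_jpegs(build_disk(FAKE_JPEG, trimmed=True))
    return hdd_hits, ssd_hits


if __name__ == "__main__":
    hdd_hits, ssd_hits = demo()
    print("HDD image: %d file(s) carved" % len(hdd_hits))
    for offset, data in hdd_hits:
        print("  offset %d, %d bytes" % (offset, len(data)))
    print("SSD image after TRIM: %d file(s) carved" % len(ssd_hits))
```
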

It's amazing though - even with these kinds of hurdles to getting data out and processing it, people still make it easy to be caught. For example, using work email to talk about things people are doing wrong, or storing data on work computers that has evidence of wrongdoing. There is no expectation of privacy when you use a work asset - the company owns all this stuff and all the data on it. And most companies will comply with search orders giving an investigator plenty of access to what they are looking for.

It's interesting stuff, but I don't think I'll make a career of it - getting into the business seems quite tricky and while it is a fascinating field, there is a lot of tedious combing through search hits for relevant results that, quite frankly, looks boring. Never say never though!

Tuesday, 17 May 2016

Netgear D6300 Review

After my poor little TPlink Router bit the dust with a recent power fluctuation I was keen to get something with a solid WiFi capability. The TPlink router I was using didn't have the greatest coverage around the house, and certainly not outside the house, and with the recent installation of a Chromecast I was keen to find something with a bit more zing. Also, due to my dodgy cabling set up, I have half my machines on one side of the house, and the other half on the other side. The cabling between the two goes through the router and I wanted a gigabit link between the two halves.

So a router with 5GHz wireless and gigabit networking? My local nerd supplier handed over the $399 Netgear D6300 and told me it was the best he had. He noted my sceptical look, but assured me that it was good to go. OK I'll have a crack at it and see how it goes.

It took about 45 minutes to configure it - I've got a fairly complex network with a lot of crap all over the place, all sorts of forwards and Dynamic DNS configured. I also have a large number of static DHCP entries - nightmare. Once I got it all across, plugged in and set up and away we went. I quite like the Netgear method of showing what's happening on the network. That's one of the very few things I do like about this router.

Here are the other things:

  • the wireless is good
  • throughput on the gigabit network is very high, so that's good
  • Dynamic DNS works out of the box and has some nice reporting
  • it's not a bad looking bit of gear

OK so here are the things that suck about this router:
  • the interface is slow. I tested it under Safari, Chrome and IE, and it was pish under all of them. Slow to refresh and slow to respond.
  • update stopped part way through and I had to restart it - thought I'd bricked the thing
  • updates to DHCP require a reboot of the damn router! What the hell?! All I'm doing is changing a MAC address or an IP and the whole thing has to reboot to update it. This makes me very unhappy and annoyed.
  • it wouldn't initially talk to one side of the network - I ended up having to install a gigabit switch to get the thing to work properly. This isn't optimal, although it does take the network link between the network sides away from the router for when it restarts every time I perform a basic function.

All in all, for the price, I'm a bit ambivalent towards the D6300. My dirty old TPlink, with no frills, worked pretty well and I wasn't hating on it too much when it died. Now that it is gone, this Netgear has a bit to do before I'm impressed. We will see how it goes over time, however I wouldn't rush out to buy this one.

Ubuntu 16.04 LTS First Impressions

Another polished release - Xenial Xerus (at least I hope it’s polished!)

I’m using it for a test WordPress system at the moment so I’ve been concerned mostly with that. PHP5 is gone, replaced by PHP7. The main issue with this is no more SSH2 PHP7 extension! It makes installing new themes or plugins, or updating them tricky in WordPress as it relies on this. I’ve had to default back to using vsftpd but even that is crashing at this time. To work around that, add:

define('FS_METHOD', 'direct');

into wp-config.php

See https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-16-04 for a great walk through on this - in fact, check out Digital Ocean - they have some excellent stuff on there, including these tutorials. If you're like me and would love to delve into the intricacies of nginx or some other equally complex bit of software but don't have the time, Digital Ocean give you a way to get things up and going with very little in the way of issues. Nicely typeset and well laid out tutorials - thanks a million guys! (I am in no way affiliated, merely a fan).

I performed the install inside a VMware Player and it was as usual quite fast. Updated hostname and /etc/interfaces/network to sort out IP addresses and the like and off I went. Install of WordPress was straightforward and the set up was reasonably quick - a mite quicker I might say than the one on 14.04LTS that I performed last week. PHP7 seems more responsive and I played around with both my VMs to see if there was much difference - installing the same theme into both to see what the speed impact might be. PHP7 was marginally quicker, although I wouldn't suggest it was statistically significantly quicker.

I noticed that updates using apt-get had a much shorter list of archives being hit which was interesting. In the past it seems there was an ever increasing number of new archives being added until the sources.list ends up a mile long. So quicker updates, presumably more efficient is always a good thing. I have no idea what the desktop interface looks like - probably more of the same of that Ubuntu look (which I personally am not in love with - give me Mint's any day).

Much more of my time was spent using this VM to try and get a dirty website going - I am no webdev and I really don't like doing it. Sadly, sometimes you have to so I will continue plugging away at it tomorrow. Ubuntu 16.04 LTS though - looks like it's the goods. Get on it and see if it does the job for you!

Tuesday, 10 May 2016

Blogger vs WordPress - a comparison of great products

This blog is written on Blogger - I am a big Google fan and I love a lot of their products. Blogger dovetails nicely with the other Google Apps I use and so it's a handy piece of kit. The interface hasn't really changed much in quite a while - it's simple yet user friendly. If you're looking for a blogging tool, it's really quite good.

I started to play with WordPress a short while ago for a client. They are using it to power their website and the more I've played with it the more I like it. There's a great interface - and I really like the new posting experience on it. Here is a comparison of the three different ways you can create a post with Blogger, old WordPress and new WordPress:

How meta! A blog post in a blog post - this is the Blogger interface
The old interface for WordPress - it has some nice features indeed.
The new posting experience in WordPress. Takes a bit to get used to.
I like the stark simplicity of Blogger - I've created about 165 posts (some of which never made the light of day) here at www.ryv.id.au. On the WordPress sites I manage - and there are a few - I've created about the same number of posts. For quick updates and slamming on a short bit of information, the new WordPress is really great.... actually they're all pretty good for that. Where WordPress shines is the management of images and files. It does a great job importing the files and then laying them out. Check out on the Dejero website some of the picture groups - http://dejero.wordpress.com . Periodically I think I'll migrate this site to WordPress but Blogger has been a solid platform for a long time.

All are free and both Blogger and WordPress are backed by great companies. You can set your own custom URL for them - see www.awpd.org or www.northshockey.org - these are WordPress sites hosted by WordPress. It's easy to set up, apply the domain and off you go. And it's easy in Blogger too!

In a world of content I think that you have to be comfortable with how you are delivering it. These three options (WordPress does count as 2) are top of the line for this sort of thing. Taking nothing away from Joomla or Drupal - they are much more complex and fancy content management systems - and are out of the scope for simple blog posting. It's not as hard as it used to be to get information out there - no more html coding for me!

OK so the major things that I find differentiate between the two products:

  • tags and categories are way better than labels - you can do so much more with them
  • WordPress handles image presentation on screen better
  • Blogger has been better when copy/pasting Word documents (which doesn't happen on this site, but does on others)
  • Blogger's minimalist interface gets out of the way of the posting - I find WordPress to be a bit too fancy at times and it can be distracting
  • I'm actually running the middle WordPress on a tiny VM at home - can't do that with Blogger!

Back end stuff is a lot different. WordPress has a multitude of plugins - Blogger none. Blogger's stats are much better than WordPress's (much better). Ad integration is better on Blogger too (not that I really use Ads a lot but occasionally it's very nice when people click on stuff).

From my comparison of the two I've just been delighted to have the opportunity to use them both in a meaningful way. Pick one, play with it - if you want to move then jump or simply create a couple of sites and mess with it. Both are free and both are great in their own way.

Conversations about the cloud in Australia

Another day and another chat with a client about cloud computing options. There are some absolute turkeys out there peddling cloud this and cloud that to people. Stop it! ADSL2+ doesn't provide enough bandwidth for your plans - in the war between reality and expectation, reality wins. This particular client is fortunately on the ball enough to realise that pushing all their key applications off their local server and into the cloud isn't a brilliant plan.

So what else do we do for these clients? What clever options can we provide?

It comes down to the application of course. If they're doing scanning or uploading large files to an offsite location it's not hard to use a Raspberry Pi or similar to get the data trickling out, or bulk upload it over night with a script.

If it's email or something like that - then get it into the cloud. Just let 'em know the limitations that their server currently manages - i.e. sending a large email out will take time. Your server used to plod along getting it out the door, but now you have to wait while Chrome sends it to Gmail. 

Remote Desktop Services aren't something people like, so what about a microserver with 2012 on it, AD replication and file replication using DFS? Under the right circumstances this will work over ADSL and people in both sites will see updated information reasonably quickly - depending of course on how DFS is configured. 

There are options - we just have to be smart about how it's presented and show a path forward if NBN does ever arrive. Today I showed a router upgrade to a client, then talked about how it's plug and play (almost) for NBN and how it can leverage great access for VPNs etc. We IT people are typically poor salesmen - we either get excited over the trivialities of a solution or the technicalities of a solution and we lose our audience.

The biggest lesson I can give you is simple - use analogies to explain why cloud computing is a challenge. I always show an ADSL connection as a 4 lane highway in and a goat track out to represent the data path. People understand that - it's easy. Get yourself a few of these analogies and put them together to form a coherent image to bring your clients along with you in the discussion. Remember - a client can be a business client, friend, colleague or even your boss. With a little bit of education we can help our clients avoid big mistakes and avoid some of the bullshit around the cloud. 

The cloud can be great. We just have to be smart about it and make sure the shyster, bullshit artists out there don't screw up our clients' networks because then we've failed in our jobs.

In closing - please give us decent NBN! Australia needs it to grow and for businesses to be more agile (and I totally need it at home so I can download movies faster!)

Sunday, 8 May 2016

Google Keep and Apple Notes

This isn't so much a comparison, more of a discussion with myself about which one to focus on. First, the environment that you are in will determine this question much of the time - if you're on Apple, then the notes thing is built into their OS on desktops/laptops and into the iOS on your mobile devices. It has some nice features - encryption in transit, password protection, pictures and built into your iCloud experience. Here is where Keep has an advantage - it's available on nearly all platforms via the web browser. And it does most of those other things too.

Both companies are very clever. The interfaces, while different, share the same characteristics of note taking - different options for getting ideas down and into writing, while trying to make it all as straightforward as possible. They have in the main, quite slick interfaces too and very user friendly. We are truly spoiled for choice and this is part of the problem.

I use Macs, and PCs with Linux Mint and Microsoft Windows (in various flavours). I really like them all, but I prefer the Mac interface and hardware. Call me flash as a rat with a gold tooth, but it's a nice, neat and well put together combination. My main problem is - my personal phone is a Samsung S7 and work phone is an iPhone 6S so my personal notes are on the wrong device... but I like Apple Notes! I quite like Keep too, but it's too fancy for my liking. Yep - too many options and colours and other shit. I just need a piece of paper replacement and while both applications do that, I think Notes is tidier.

I like the sync across all devices I get from both apps - it's great and most helpful for keeping life in order, but this is where Keep shines - I can share amongst my accounts. That's pretty handy stuff that is. And Keep is in the cloud all the time - access via the web browser, apps on iPhone and Android now...

So which to use? I have a lot of data in both and the problem is, I know I've got something written down - like a username, but I'm buggered if I know where the damn thing is! 5 minutes of searching and I can find it. Pick one and stick with it I think. Keep seems the logical option - full sync across everything. But I prefer the interface to Apple Notes.

Which do you use?

Friday, 29 April 2016

Misgivings about the Internet of Things and hyper-interconnectedness

Last night I heard a lecture delivered by a chap from HPE - HP Enterprise for those of you who forget about their big breakup. He is in charge of innovation in the Asia Pacific region and he spoke a lot about the Internet of Things (IoT), drones, driverless cars etc. Sure, we really are moving towards a world where human interaction becomes far less of a factor when driving, delivering packages or even turning on the lights at home...

It really got me thinking about the impact to humanity and whether the pros will outweigh the cons. The hyper-interconnectedness of the world has its upside but I think its darker downside needs light shone on it. If your whole house is wired with sensors, motors and control units, then is it a stretch to muse on when the first house is compromised? If an attacker took control of your home just what could he do with it? Annoy you with the lights going on or off, tracking your movements throughout the place, knowing when you're asleep and therefore vulnerable or good old fashioned voyeurism. These options just popped into my head in the last 30 seconds and I'm a reasonably good, respectful and law abiding person. Imagine if I was a naughty ne'er do well?!

Quite apart from the issues inherent in being completely trackable and giving away any semblance of privacy is the issue that arises when the power goes out. Can one still open the doors, the blinds or the windows if it's all automated? And I have concerns over what might happen when the power comes back on and the house receives a power surge that damages the systems controlling all these components. There is a greater level of complexity to a house with IoT than there ever was before and the delicacy of these systems is not to be underrated.

Moving away from IoT to driverless cars and drones. The HPE chap (Roger something...) spoke at length about these too. While I've watched the whole notion of autonomous vehicles with some interest over time, I quite like driving and I'm not really prepared to give that up. I completely understand why some people hate it, why it would be a great thing for the elderly for example or infirm to help them get around, but I heard some absurd claims about reduction in parking spaces or some other nonsense. Autonomous vehicles still have to stop somewhere while you go and do stuff. How do you reduce the number of carparks exactly? I can also foresee more of these vehicles on the road than now, with more traffic as people who haven't got licenses or who can no longer drive take advantage of a car that will drive them anywhere. The limiting factors on road users will change, and some of these that move people off the roads (rightly or wrongly) will potentially disappear. Thinking about this from the transport and logistics perspective it's possibly an awesome thing to have trucks that can drive endlessly in a non-stop cycle with none of the pesky driver considerations we have now... but I can't help but think of the cost to human jobs. I worked in transport for a while and there are guys who genuinely enjoy getting out and about in the trucks, driving line haul or pottering around town. These guys (mostly) have a great skill set and will not be required after the introduction of autonomous trucks. On to the sidelines for you - and then we have killer trucks chasing us like in the movie "Fortress".

Drones are becoming a big thing and will continue to get bigger over time. With many companies hoping to use them for deliveries - especially medicine or aid into remote areas - I think they're great. The potential for help is enormous... as is the balanced potential for harm. Drones already kill a fair number of people day to day in war torn areas as the US or other countries deploy them to blow shit up. Spy drones are already about looking into things they shouldn't be so privacy is going to take yet another hit, and the risk of some idiot flying their stupid drone into a plane or helicopter - yeah that will happen. We have the guys flying their drones over fires and things - which is a great tool for seeing what's happening (don't get me wrong - they have some amazing uses that preserve human life) but also restrict what other aerial vehicles can do (because they are in the flight space).  We have had water bombers diverted from fires with real concerns about them hitting drones. I think the issue there is more of command and control than the actual drone being a problem - coordinating a fire response is no trivial issue and someone with a drone in the way is a problem.

The end result of all this extra computer stuff floating around is a far more cluttered Internet and let's be honest - security is a massive issue. Complex software in complex hardware = mucho issues with security. Anyone who has done some programming knows that as complexity goes up, so does risk of an issue arising in the code. The reliance on the Internet's infrastructure will increase and although the 'net is a most distributed system there are definitely ways to greatly impact a country. Imagine for example if someone attacked the Internet systems of a country and took down its ability to manage routing - all those data packets with nowhere to go. How would it affect daily human life? I can't get my IoT coffee machine to work or I can't get my medical aid system to work because both of them connect back to a central management system located either at home or somewhere else. Uh oh. Can we get the 'net back up? We've already seen hospitals compromised because of holes in code or heaven forefend - people have no clue and use shite passwords or it's set up in a way that might be more user friendly and is far less secure than it could be.

Before we as a civilisation dive head first into the pond of hyper-interconnectedness I really think we need to slow down and understand the ramifications of what is going to happen. Big companies are not going to care - they have to make money and look after their shareholders and screw anyone else. The government needs to be across this and understanding it with techno-geeks involved to get through the heavy nerd stuff and legislate to improve protections and procedures around the IoT and associated systems. For example - drones are great, until they kill someone through stupidity or neglect. So let's try to legislate it and get it out there what you can and can't do. Something is better than nothing and attempting to get something in place is better than sitting back saying "I'm not sure - it seems like techno-babble to me!".

I for one welcome our new robot overlords when they arrive. I'd prefer the future to be a mix of humanity assisted by robots and IoT and not this:

I tried but I really couldn't resist putting up one of these pics. Ah pop culture. I hope that in some small way I've opened your mind to some of the other side of the issues I've talked about. I'm very excited about all these new gizmos and things - I can't help it - I'm a geek too. I just have a pessimistic side that impels me to consider the impact of new technology.