Digital forensics on an SSD

Recently I was able to listen to a guest lecturer by a chap working the digital forensics field. There were a few interesting things to come out of the lecture. They are, in no particular order:

• document and timestamp everything you do - it doesn't matter if it's written down, or you use software, but you have to show the steps you went through to reach the conclusions you're putting forward
• EnCase is an industry favourite software
• small cases can take you in surprising directions and you can go from a $40,000 fraud case and end up with a $250,000 + fraud case!
• recovering RAID arrays can be a trick - but you can image each disk and use EnCase to rebuild the array which is pretty neat!
• you can't carve an SSD to recover data like you would a HDD

That last point is the one I want to mention. On a magnetic hard disk drive (the regular type of drive people have been using) when a file is deleted, it's removed from the File Allocation Table and the computer recognises it as free space, ready to overwrite. It's relatively straightforward to then get that data back - a process I've performed dozens of times to save someone's bacon when they've deleted all their uni work (for example). But on an SSD the process is different. 

On a TRIM enabled SSD (and this is all modern SSD's) the data is removed immediately when you delete it. The OS clears the space for re-use and it's not recoverable. This applies to USB drives as well - any flash media in fact. Once a file is marked for deletion, the operating system erases it completely and then that space is available again. This keeps the SSD running fast. It makes it very hard, if not impossible to perform data carving (or recovery) on an SSD. Uh oh - that makes life harder for the digital forensic expert! 

It's amazing though - even with these kinds of hurdles to getting data out and processing it, people still make it easy to be caught. For example, using work email to talk about things people are doing wrong, or storing data on work computers that has evidence of wrong doing. There is no expectation of privacy when you use a work asset - the company owns all this stuff and all the data on it. And most companies will comply with search orders giving an investigator plenty of access to what they are looking for.

It's interesting stuff, but I don't think I'll make a career of it - getting into the business seems quite tricky and while it is a fascinating field, there is a lot of tedious combing through search hits for relevant results that, quite frankly, looks boring. Never say never though!

Netgear D6300 Review

After my poor little TPlink Router bit the dust with a recent power fluctuation I was keen to get something with a solid WiFi capability. The TPlink router I was using didn't have the greatest coverage around the house, and certainly not outside the house, and with the recent installation of a Chromecast I was keen to find something with a bit more zing. Also, due to my dodgy cabling set up, I have half my machines on one side of the house, and the other half on the other side. The cabling between the two goes through the router and I wanted a gigabit link between the two halves.

So a router with 5GHz wireless and gigabit networking? My local nerd supplier handed over the $399 Netgear D6300 and told me it was the best he had. He noted my sceptical look, but assured me that it was good to go. OK I'll have a crack at it and see how it goes.

It took about 45 minutes to configure it - I've got a fairly complex network with a lot of crap all over the place, all sorts of forwards and Dynamic DNS configured. I also have a large number of static DHCP entries - nightmare. Once I got it all across, plugged in and set up and away we went. I quite like the Netgear method of showing what's happening on the network. That's one of the very few things I do like about this router.

Here are the other things:

• the wireless is good
• throughput on the gigabit network is very high, so that's good
• Dynamic DNS works out of the box and has some nice reporting
• it's not a bad looking bit of gear:

OK so here are the things that suck about this router:

• the interface is slow. I tested it under:
• Safari
• Chrome
• IE
• and it was pish under all of them. Slow to refresh and slow to respond.
• update stopped part way through and I had to restart it - thought I'd bricked the thing
• updates to DHCP require a reboot of the damn router! What the hell?! All I'm doing is changing a MAC address or an IP and the whole thing has to reboot to update it. This makes me very unhappy and annoyed.
• it wouldn't initially talk to one side of the network - I ended up having to install a gigabit switch to get the thing to work properly. This isn't optimal, although it does take the network link between the network sides away from the router for when it restarts every time I perform a basic function. 

All in all, for the price, I'm a bit ambivalent towards the D6300. My dirty old TPlink, with no frills, worked pretty well and I wasn't hating on it too much when it died. Now that it is gone, this Netgear has a bit to do before I'm impressed. We will see how it goes over time, however I wouldn't rush out to buy this one.

Ubuntu 16.04 LTS First Impressions

Another polished release - Xenial Xerus (at least I hope it’s polished!)

I’m using it for a test WordPress system at the moment so I’ve been concerned mostly with that. PHP5 is gone, replaced by PHP7. The main issue with this is no more SSH2 PHP7 extension! It makes installing new themes or plugins, or updating them tricky in WordPress as it relies on this. I’ve had to default back to using vsftpd but even that is crashing at this time. To work around that, add:

define(‘FS_METHOD’, ‘direct’);

into wp-config.php

See https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-16-04 for a great walk through on this - in fact, check out Digital Ocean - they have some excellent stuff on there, including these tutorials. If you're like me and would love to delve into the intricacies of nginx or some other equally complex bit of software but don't have the time, Digital Ocean give you a way to get things up and going with very little in the way of issues. Nicely typeset and well laid out tutorials - thanks a million guys! (I am in no way affiliated, merely a fan).

I performed the install inside a VMware Player and it was as usual quite fast. Updated hostname and /etc/interfaces/network to sort out IP addresses and the like and off I went. Install of WordPress was straightforward and the set up was reasonably quick - a mite quicker I might say than the one on 14.04LTS that I performed last week. PHP7 seems more responsive and I played around with both my VMs to see if there was much difference - installing the same theme into both to see what the speed impact might be. PHP7 was marginally quicker, although I wouldn't suggest it was statistically significantly quicker.

I noticed that updates using apt-get had a much shorted list of archives being hit which was interesting. In the past it seems there was an ever increasing number of new archives being added until the sources.list ends up a mile long. So quicker updates, presumably more efficient is always a good thing. I have no idea what the desktop interface looks like - probably more of the same of that Ubuntu look (which I personally am not in love with - give me Mint's any day).

Much more of my time was spent using this VM to try and get a dirty website going - I am no webdev and I really don't like doing it. Sadly, sometimes you have to so I will continue plugging away at it tomorrow. Ubuntu 16.04 LTS though - looks like it's the goods. Get on it and see how if it does the job for you!

Blogger vs WordPress - a comparison of great products

This blog is written on Blogger - I am a big Google fan and I love a lot of their products. Blogger dovetails nicely with the other Google Apps I use and so it's a handy piece of kit. The interface hasn't really changed much in quite a while - it's simple yet user friendly. If you're looking for a blogging tool, it's really quite good.

I started to play with WordPress a short while ago for a client. They are using it to power their website and the more I've played with it the more I like it. There's a great interface - and I really like the new posting experience on it. Here is a comparison of the three different ways you can create a post with Blogger, old WordPress and new WordPress:

How meta! A blog post in a blog post - this is the Blogger interface

The old interface for WordPress - it has some nice features indeed.

The new posting experience in WordPress. Takes a bit to get used to.

I like the stark simplicity of Blogger - I've created about 165 posts (some of which never made the light of day) here at www.ryv.id.au. On the WordPress sites I manage - and there are a few - I've created about the same number of posts. For quick updates and slamming on a short bit of information, the new WordPress is really great.... actually they're all pretty good for that. Where WordPress shines is the management of images and files. It does a great job importing the files and then laying them out. Check out on the Dejero website some of the picture groups - http://dejero.wordpress.com . Periodically I think I'll migrate this site to WordPress but Blogger has been a solid platform for a long time.

All are free and both Blogger and WordPress are backed by great companies. You can set your own custom URL for them - see www.awpd.org or www.northshockey.org - these are WordPress sites hosted by WordPress. It's easy to set up, apply the domain and off you go. And it's easy in Blogger too!

In a world of content I think that you have to be comfortable with how you are delivering it. These three options (WordPress does count as 2) are top of the line for this sort of thing. Taking nothing away from Joomla or Drupal - they are much more complex and fancy content management systems - and are out of the scope for simple blog posting. It's not as hard as it used to be to get information out there - no more html coding for me!

OK so the major things that I find differentiate between the two products:

• tags and categories are way better than labels - you can do so much more with them
• WordPress handles image presentation on screen better
• Blogger has been better when copy/pasting Word documents (which doesn't happen on this site, but does on others)
• Blogger's minimalist interface gets out of the way of the posting - I find Wordpress to be a bit too fancy at times and it can be distracting
• I'm actually running the middle WordPress on a tiny VM at home - can't do that with Blogger!

Back end stuff is a lot different. WordPress has a multitude of plugins - Blogger none. Blogger's stats are much better than WordPress's (much better). Ad integration is better on Blogger too (not that I really use Ads a lot but occasionally it's very nice when people click on stuff). 

From my comparison of the two I've just been delighted to have the opportunity to use them both in a meaningful way. Pick one, play with it - if you want to move then jump or simply create a couple of sites and mess with it. Both are free and both are great in their own way.

Conversations about the cloud in Australia

Another day and another chat with a client about cloud computing options. There are some absolute turkeys out there peddling cloud this and cloud that to people. Stop it! ADSL2+ doesn't provide enough bandwidth for your plans - in the war between reality and expectation, reality wins. This particular client is fortunately on the ball enough to realise that pushing all their key applications off their local server and into the cloud isn't a brilliant plan.

So what else do we do for these clients? What clever options can we provide?

It comes down to the application of course. If they're doing scanning or uploading large files to an offsite location it's not hard to use a Raspberry Pi or similar to get the data trickling out, or bulk upload it over night with a script.

If it's email or something like that - then get it into the cloud. Just let 'em know the limitations that their server currently manages - i.e. sending a large email out will take time. Your server used to plod along getting it out the door, but now you have to wait while Chrome sends it to Gmail. 

Remote Desktop Services aren't something people like, so what about a microserver with 2012 on it, AD replication and file replication using DFS? Under the right circumstances this will work over ADSL and people in both sites will see updated information reasonably quickly - depending of course on how DFS is configured. 

There are options - we just have to be smart about how it's presented and show a path forward if NBN does ever arrive. Today I showed a router upgrade to a client, then talked about how it's plug and play (almost) for NBN and how it can leverage great access for VPNs etc. We IT people are typically poor salesman - we either get excited over the trivialities of a solution or the technicalities of a solution and we lose our audience.

The biggest lesson I can give you is simple - use analogies to explain why cloud computing is a challenge. I always show an ADSL connection as a 4 lane highway in and a goat track out to represent the data path. People understand that - it's easy. Get yourself a few of these analogies and put them together to form a coherent image to bring your clients along with you in the discussion. Remember - a client can be a business client, friend, colleague or even your boss. With a little bit of education we can help our clients avoid big mistakes and avoid some of the bullshit around the cloud. 

The cloud can be great. We just have to be smart about it and make sure the shyster, bullshit artists out there don't screw up our client's networks because then we've failed in our jobs. 

In closing - please give us decent NBN! Australia needs it to grow and for businesses to be more agile (and I totally need it at home so I can download movies faster!)

Google Keep and Apple Notes

This isn't so much a comparison, more of a discussion with myself about which one to focus on. First, the environment that you are in will determine this question much of the time - if you're on Apple, then the notes thing is built into their OS on desktops/laptops and into the iOS on your mobile devices. It has some nice features - encryption in transit, password protection, pictures and built into your iCloud experience. Here is where Keep has an advantage - it's available on nearly all platforms via the web browser. And it does most of those other things too.

Both companies are very clever. The interfaces, while different, share the same characteristics of note taking - different options for getting ideas down and into writing, while trying to make it all as straightforward as possible. They have in the main, quite slick interfaces too and very user friendly. We are truly spoiled for choice and this is part of the problem.

I use Macs, and PCs with Linux Mint and Microsoft Windows (in various flavours). I really like them all, but I prefer the Mac interface and hardware. Call me flash as a rat with a gold tooth, but it's a nice, neat and well put together combination. My main problem is - my personal phone is a Samsung S7 and work phone is an iPhone 6S so my personal notes are on the wrong device... but I like Apple Notes! I quite like Keep too, but it's too fancy for my liking. Yep - too many options and colours and other shit. I just need a piece of paper replacement and while both applications do that, I think Notes is tidier.

I like the sync across all devices I get from both apps - it's great and most helpful for keeping life in order, but this is where Keep shines - I can share amongst my accounts. That's pretty handy stuff that is. And Keep is in the cloud all the time - access via the web browser, apps on iPhone and Android now...

So which to use? I have a lot of data in both and the problem is, I know I've got something written down - like a username, but I'm buggered if I know where the damn thing is! 5 minutes of searching and I can find it. Pick one and stick with it I think. Keep seems the logical option - full sync across everything. But I prefer the interface to Apple Notes.

Which do you use?