Saturday, March 28, 2015

Python in Eclipse ( PyDev )

Eclipse is an excellent choice for beginning programmers, not just because of its feature-rich interface but also because it supports many programming languages.  These days I would suggest starting with C/C++, then moving to Java, and finally learning Python as well for a "well rounded" computer science skill arsenal.  
Installation steps
1. Download the latest Java JDK
2. Download Eclipse IDE
3. Download Python
4. When Eclipse is running and the workspace is configured, you can either drag and drop the PyDev icon directly from the browser into the Eclipse workspace or install it manually. 

Browser drop: http://marketplace.eclipse.org/content/pydev-python-ide-eclipse 

PyDev requirements, at least one of:

Click on Help and then Install New Software...  Add the PyDev update site ( http://pydev.org/updates ) as a source and select the PyDev software installation.  It will take a few minutes to install and you will need to restart Eclipse for the installation to finish. 



Your First Project

That is all you need to install Python support in your Eclipse IDE and start developing software in this new language. 

You can create a new Python PyDev module and quickly learn the basics.

File->New -> PyDev Module
Give it a name like “testProject” and leave everything else at its default.  If you receive a message when you create the PyDev module about the interpreter not being configured, just select the auto-configuration option or manually point your IDE to the python.exe file in the directory you chose to install Python into.


Example Code and Output


from __future__ import print_function  # makes print() behave the same on Python 2 and 3
import sys

# Examples from: https://wiki.python.org/moin/SimplePrograms

# Fibonacci-style growth: this generation's babies become the next generation's parents
parents, babies = (1, 1)
while babies < 100:
    print('This generation has {0} babies'.format(babies))
    parents, babies = (babies, parents + babies)

# This program adds up the integers given on the command line
try:
    total = sum(int(arg) for arg in sys.argv[1:])
    print('sum =', total)
except ValueError:
    print('Please supply integer arguments')


Output:

This generation has 1 babies
This generation has 2 babies
This generation has 3 babies
This generation has 5 babies
This generation has 8 babies
This generation has 13 babies
This generation has 21 babies
This generation has 34 babies
This generation has 55 babies
This generation has 89 babies
sum = 1500

Sunday, March 22, 2015

Flowchart is not just for Computer Science

Flow-charting can help you develop ideas and implement a logical flow without hidden dead ends or loops that never end.  Any process can be charted, and the chart can serve as an aid for project managers, and especially for students as they decide on a major or change majors.

In this example, happiness is a decision process that starts with the realization that change is needed and the willingness to change.  One of the best ways to change is to look at ourselves, see our actions in a different way, and do something for ourselves and for others.

Unwillingness to make the transition and denying the need to change can lead into a vicious cycle of self-pity and depression.

As you look at your life and what you know, you can practice this type of mapping.  Identify patterns that can later be converted into computer science projects.  Just make sure to start with something you know, no matter how simple it looks at first.  You will be surprised how a simple process can grow into a complicated flowchart in no time at all.



Monday, March 9, 2015

Digital Forensics Model


The 2010 paper by Simson L. Garfinkel (Naval Postgraduate School, Monterey, USA) titled "Digital forensics research: The next 10 years" raised many questions, and I have seen every single one of them become a reality in real casework.

"Digital Forensics is facing a crisis. Hard-won capabilities are in jeopardy of being diminished or even lost as the result of advances and fundamental changes in the computer industry:
  • The growing size of storage devices means that there is frequently insufficient time to create a forensic image of a subject device, or to process all of the data once it is found.
  • The increasing prevalence of embedded flash storage and the proliferation of hardware interfaces means that storage devices can no longer be readily removed or imaged.
  • The proliferation of operating systems and file formats is dramatically increasing the requirements and complexity of data exploitation tools and the cost of tool development.
  • Whereas cases were previously limited to the analysis of a single device, increasingly cases require the analysis of multiple devices followed by the correlation of the found evidence.
  • Pervasive encryption (Casey and Stellatos, 2008) means that even when data can be recovered, it frequently cannot be processed.
  • Use of the “cloud” for remote processing and storage, and to split a single data structure into elements, means that frequently data or code cannot even be found.
  • Malware that is not written to persistent storage necessitates the need for expensive RAM forensics.
  • Legal challenges increasingly limit the scope of forensic investigations."

So, here is an updated model of digital forensics, but the concept of recovered data that cannot be processed is one that many CSI-trained "professionals" are still battling with, causing frustration, delays, and unnecessary cost increases.



Fortunately, most of those accused of wrongdoing are not deploying more sophisticated methods to circumvent data discovery; rather, device, operating system, and software vendors are deploying technologies that make discovery and production of evidence much harder without requiring any increased technical skill from the users.

Sunday, March 1, 2015

IP Routing in Investigations

Information assurance, incident response, and digital forensic investigations depend on understanding how packets are built in order to identify the source of an attack.

So, if we need to complete a frame with a destination MAC address, we broadcast an ARP request asking for that data link layer information.  If the destination IP is not located on the local network, we get the default gateway's MAC address instead and use it to complete the frame; we then forward the frame to the default gateway and let the router locate the destination.  Therefore, if a frame arrives with the source MAC address of the default router, the packet is coming from the outside, but if it comes from a MAC address that we can see in our ARP table, then it is from an internal source. 

This is a crucial skill to understand if you want to be successful in these fields. 

Try it yourself:
1. Ping another computer on your network.
2. Type arp -a and see the IP-to-MAC mapping.
3. You will see the MAC and IP address of the other computer.
4. Then ping www.google.com or another website outside your network.
5. Look at your arp -a table again.
6. This time, you will see the MAC address of the default router, not Google's.
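The internal-versus-external rule above, applied to a parsed arp -a table, as an added example that is not part of the original post.  The ARP output, gateway address and captured (source MAC, source IP) pairs are constructed; the "internal-mismatch" verdict for a known MAC claiming a different IP is an extra check beyond what the post describes.

```python
import re
# Constructed sample of `arp -a` output (Windows layout), not a real capture.
ARP_OUTPUT = """
Interface: 192.168.1.10 --- 0x4
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
"""
DEFAULT_GATEWAY_IP = "192.168.1.1"  # assumed gateway for the sample network
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Windows: "192.168.1.1  00-11-22-33-44-55  dynamic"; Linux: "gw (192.168.1.1) at 00:11:22:33:44:55 ..."
WIN_LINE = re.compile(r"^\s*(?P<ip>%s)\s+(?P<mac>(?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s" % IPV4)
LINUX_LINE = re.compile(r"\((?P<ip>%s)\) at (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})" % IPV4)

def normalize_mac(mac):
    return mac.lower().replace("-", ":")

def parse_arp_table(text):
    """Map IP -> MAC for every neighbour entry found in arp -a output."""
    table = {}
    for line in text.splitlines():
        m = WIN_LINE.match(line) or LINUX_LINE.search(line)
        if m:
            table[m.group("ip")] = normalize_mac(m.group("mac"))
    return table

def classify_frame(src_mac, src_ip, arp_table, gateway_ip):
    """Rule from the post: the gateway's MAC means the packet was routed in
    from outside; a MAC present in our own ARP table means a local host."""
    mac = normalize_mac(src_mac)
    if mac == arp_table.get(gateway_ip):
        return "external"
    if arp_table.get(src_ip) == mac:
        return "internal"
    if mac in arp_table.values():
        return "internal-mismatch"  # known neighbour MAC claiming another IP
    return "unknown"

# Constructed (source MAC, source IP) pairs as a sniffer might report them.
FRAMES = [
    ("00-11-22-33-44-55", "8.8.8.8"),       # via the gateway -> external
    ("aa-bb-cc-dd-ee-01", "192.168.1.20"),  # ARP neighbour -> internal
    ("aa-bb-cc-dd-ee-01", "192.168.1.99"),  # known MAC, other IP -> mismatch
    ("de-ad-be-ef-00-01", "192.168.1.77"),  # never resolved -> unknown
]

def classify_all(frames, arp_text=ARP_OUTPUT, gateway_ip=DEFAULT_GATEWAY_IP):
    table = parse_arp_table(arp_text)
    return [(ip, classify_frame(mac, ip, table, gateway_ip)) for mac, ip in frames]
```

Feed it the real output of arp -a and your own gateway address to repeat the exercise above on live data.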