In computer programs you often need something to happen only if a condition is fulfilled, and something else to happen if it is not. In programming, the IF statement is one of the ways to have a computer do different tasks depending on a variable's value. Here's an example using a small bash script I wrote.
This script shows the user three options and prompts the user for a response. Either 1, 2, or 3.
If 1 is chosen then the computer will display the word “Yes”
If 2 is chosen then the word “No” will display.
If 3 is chosen then the program will quit.
Here’s the breakdown of the script:
The first line (the "shebang" line, usually #!/bin/bash) tells the OS which interpreter to run the script with. In this case it's bash, the shell built into most Linux systems.
The lines starting with # (shown in blue in the editor) are just comments for the programmer's reference; bash ignores them.
I have the program echo or display the options to choose from to the user
The read command takes the user's input and puts it into a variable. In this case the variable name is option1.
Next are my IF statements. Each one uses the option1 variable in its condition to decide what code to execute. For example, if the user enters 1 then the first IF statement's body runs, because option1 (the user's choice) equals 1; the other two conditions are false, so their bodies are skipped.
The IF statements require several things in order to work right:
Double brackets around the condition: [[ ]]
Spaces between the brackets and the condition (bash treats [[ and ]] as separate words, so they must be surrounded by spaces)
A semicolon after the closing brackets when then is on the same line (a line break before then works instead)
A then keyword
Code to execute if the condition is met
A fi keyword to end the IF statement
You will notice that all of the IF statements in this script have all of these.
Here’s the script in action using all of the options available to choose from.
Depending on what option I give the program it will either display Yes, No, or quit the program with a termination message. This is the power of IF statements. A programmer can have the computer test a large amount of possible options all within one program. Great stuff!
Another option is to use ELIF and ELSE with the IF statement. With ELIF (else if) I can chain multiple conditions into one statement rather than using multiple IF statements, and only the first branch whose condition is true runs. The ELSE branch executes if none of the conditions is met, which is also where you catch input that isn't one of the expected options. To show this I'm going to modify the top script with ELIFs and an ELSE statement.
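Here is a reconstruction of both versions of the menu script as an added example; it is not the script from the original post (which was shown as a screenshot), and the function names and the variable option1 are assumptions. The ELIF/ELSE version also shows what the IF-only version cannot do: reject an answer that isn't 1, 2 or 3.

```shell
#!/usr/bin/env bash
# Added example, not the original post's script: the three-option menu, first
# with separate IF statements and then with an IF/ELIF/ELSE chain.
# Function names and the variable name option1 are assumptions.

# Version 1: three independent IF statements, as in the first script.
# Every condition is tested, and an answer that matches none prints nothing.
answer_with_ifs() {
    local option1="$1"
    if [[ "$option1" == "1" ]]; then
        echo "Yes"
    fi
    if [[ "$option1" == "2" ]]; then
        echo "No"
    fi
    if [[ "$option1" == "3" ]]; then
        echo "Quitting."
    fi
}

# Version 2: one IF/ELIF/ELSE chain. Only the first matching branch runs, and
# the ELSE branch catches anything that is not 1, 2 or 3 (including an empty
# answer), which version 1 silently ignores.
# Exit status: 0 for 1 or 2, 3 for quit, 1 for an invalid choice.
answer_with_elif() {
    local option1="$1"
    if [[ "$option1" == "1" ]]; then
        echo "Yes"
    elif [[ "$option1" == "2" ]]; then
        echo "No"
    elif [[ "$option1" == "3" ]]; then
        echo "Quitting."
        return 3
    else
        echo "Invalid option '$option1': choose 1, 2 or 3."
        return 1
    fi
}

# Interactive menu. It runs only when stdin is a terminal, so the functions
# above can also be sourced and tested without anyone typing at a prompt.
if [ -t 0 ]; then
    while true; do
        echo "1) Yes   2) No   3) Quit"
        read -r -p "Choose an option: " choice || exit 0   # EOF (Ctrl-D) quits
        answer_with_elif "$choice"
        if [ $? -eq 3 ]; then
            exit 0
        fi
    done
fi
```

Run it with `bash menu.sh` and try an answer such as `7` or an empty line: the IF-only version would print nothing and loop, while the ELIF/ELSE version tells the user what went wrong.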
For more information on bash IF statements see: http://codewiki.wikidot.com/shell-script:if-else
In my last post I talked about some of the acquisition tools that are available to use for imaging evidence. This post will demonstrate how to use the tools I mentioned: dd, dcfldd, and FTK Imager.
For dd and dcfldd I'll be using the SANS SIFT kit, and for the FTK Imager demo I'll be using a Windows 7 machine.
First let’s start with dd:
I'll break down the command. First is sudo, which runs the command that follows it as a different user, in this case root. Root has the privileges to make changes to the system, and that access is required to read the /dev/sdc device directly. Next is dd, the invocation of the dd command.

Next is if=/dev/sdc. This tells dd that the input file is the /dev/sdc device. Notice that I put /dev/sdc, not /dev/sdc1: the trailing 1 names the first partition of the USB drive. I want to image the entire drive, so I leave the 1 off and dd copies the whole device front to back, including the partition table and any unallocated space between and after the partitions.

After if= is bs=, the block size. The block size tells dd how many bytes to read and write at a time. The default is 512 bytes. A larger size usually speeds things up because dd makes fewer read and write calls; typically I use 4096 bytes (4 KB).

The last part of the command is of=ntfs_usb1.dd, the file where dd's output goes. Because I gave only a file name rather than a full path, the image is written to that file in the current working directory. Notice that the file name ends with the .dd extension. This is a raw image, literally the ones and zeros of the drive with no header or container format around them. It cannot be opened by normal means; forensic software has to be used to view its contents.
After imaging to the file I take MD5 hashes of both the USB drive and the image file to make sure that the image is exactly the same as the drive. The drive must stay unmounted (or sit behind a write blocker) from the moment imaging starts until the hash is taken; if the OS mounts it and writes so much as a journal update, the two hashes will not match.
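The image-then-hash procedure above, written as a script so the two digests are compared automatically. This is an added example, not the post's own commands; the function names, the HASH_TOOL variable and the 4096-byte default are assumptions, and on a real case you run it as root against the device (for example `sudo ./image.sh /dev/sdc ntfs_usb1.dd`).

```shell
#!/usr/bin/env bash
# Added example, not the original post's commands: image a drive with dd and
# verify the copy by hashing source and image. Function names, HASH_TOOL and
# the default block size are assumptions.
set -u

# The post uses MD5. MD5 collisions are practical today, so for evidence you
# may have to defend, record a SHA-256 as well:  HASH_TOOL=sha256sum ./image.sh ...
HASH_TOOL="${HASH_TOOL:-md5sum}"

# digest FILE: print only the hex digest, without the trailing file name.
digest() {
    "$HASH_TOOL" < "$1" | cut -d' ' -f1
}

# verify_image SOURCE IMAGE: compare digests. Returns 0 on match, 1 on mismatch.
verify_image() {
    local src_hash img_hash
    src_hash=$(digest "$1")
    img_hash=$(digest "$2")
    echo "source: $src_hash"
    echo "image:  $img_hash"
    if [ "$src_hash" = "$img_hash" ]; then
        echo "OK: image matches source"
        return 0
    fi
    echo "MISMATCH: image does not match source" >&2
    return 1
}

# image_and_verify SOURCE IMAGE: copy with dd, then verify.
# Returns 2 if dd itself fails, otherwise verify_image's status.
image_and_verify() {
    local src="$1" img="$2"
    # bs=4096 as in the post. For media with unreadable sectors add
    # conv=noerror,sync and set bs to the sector size (512): sync pads each
    # failed read with zeros, and with bs=512 that padding keeps the image the
    # same length as the drive instead of rounding it up.
    if ! dd if="$src" of="$img" bs=4096; then
        echo "dd failed; image is incomplete" >&2
        return 2
    fi
    verify_image "$src" "$img"
}

# Stand-alone use: ./image.sh SOURCE IMAGE
if [ "$#" -eq 2 ]; then
    image_and_verify "$1" "$2"
fi
```

The same verify_image function works for an image produced by dcfldd or any other tool, since it only compares the digest of the device with the digest of the file.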
Next is dcfldd, this program is almost identical to the dd command:
Notice that dcfldd shows what it has copied so far.
After imaging is complete the same output screen as dd will show.
After dcfldd completed imaging the USB drive I took an MD5 hash of the drive and compared it to the hash that dcfldd generated during the imaging process (its hash=md5 option computes the digest of the data as it is read, so no second pass over the drive is needed).
The last tool, FTK Imager, is GUI based and has far more options than the command line tools used above.
So here are the three tools that I use the most when it comes to forensic imaging. I hope you enjoyed this post. My next post will be a mock case where I will go through the first two steps of the forensic process: acquisition and examination. Thanks for reading!
I always used to download and update my programs the hard way. I would wait until a program complained that an update was available, then download the update and patch the program. I'm sure many of you do the same thing. It's quite time consuming, or it was until I discovered Ninite.
Ninite is a service that installs and updates multiple programs at once. It supports a number of popular programs including iTunes, Skype, and Steam. The way Ninite works is you visit the Ninite website, select the program(s) you wish to install or update, and click the “Get Installer” button. Your computer downloads a small program that installs and updates the selected programs in the background without any configuration required. Ninite installs the programs in their default locations with the default settings. Because that installer runs with administrator rights and fetches software from the network, get it only from Ninite's own website, never from a mirror or a link in an email.
Ninite is very easy to use, I’ll demonstrate it below:
Ninite is a fantastic tool that will save time when updating and installing programs on computers. For my next post I’m going to start diving into my specialty: digital forensics. This post will explain what digital forensics is and why it is important today. Thanks again for reading and if you have any questions or concerns please comment below.
A little while back I was using a simple way to back up my computer's data: I dragged and dropped the folders from my original hard drive to the backup. Once I had a great deal of data it became difficult to keep track of what was backed up and what wasn't. I could have continued dragging and dropping, but I did not want to deal with all of the duplicate-file warnings that came along with it. Strangely enough I never used the Windows built-in backup program; before I had a chance to, I was shown an interesting backup utility called FreeFileSync.
So what is FreeFileSync? FreeFileSync is a program that synchronizes the contents of one drive (or folder) with another, which makes it well suited to backing up data. FreeFileSync is open source software: its source code (the actual program code) is openly available for the public to read and modify. One benefit is that anyone can inspect what the program does, and FreeFileSync itself is updated quite often.
FreeFileSync's GUI shows the two drives in two separate tables. On the left is the primary hard drive and on the right is the backup or secondary hard drive.
Free file sync has some great features:
Multiple drives can be backed up at the same time
Compares contents of one drive against the contents of another
Multiple ways to backup data
Two-way updating is where changes on either drive are copied to the other when the sync is done. For example, say I have two hard drives, A and B, and I want to back up the contents of A to B. FreeFileSync compares A to B, sees what is different, and writes changes to B based on those differences. If I create a text file on A and then sync to B, the same text file is written to B. But with two-way, if I change a file on B then that change is written back to A on the next sync. In my opinion this isn't a good approach when the two drives are a primary and a backup: anything that goes wrong on the backup (a deleted or corrupted file) is copied straight back to the primary. The only time I would write from the backup to the primary is when restoring the primary's contents from the backup.
Mirroring is where the backup drive is changed to match the primary drive. This is the method I use and recommend. If I make changes to the primary drive, say deleting a few files and adding some others, those changes are written to the backup when I run FreeFileSync. One thing to keep in mind: deletions are mirrored too, so a file you deleted by mistake (or that malware corrupted) on the primary is gone from the mirror after the next sync. Look over the list of pending changes FreeFileSync shows before confirming a sync, and keep the backup drive disconnected between runs.
Updating is where new and updated files are copied to the backup drive; files deleted from the primary that were previously backed up remain on the backup.
The custom setting is where the user configures how FreeFileSync handles each kind of difference. There are five actions that can be turned on or off to build the custom setting:
Copy new items to the right
Overwrite right items
Leave as unresolved conflict
Overwrite left item
Copy new items to the left
Cross platform support
FreeFileSync can be used on Windows, Mac OS X, and Linux.
For Mac users I recommend using the built in time machine for backing up data and settings.
You can take the contents of an entire hard drive and just place them into a folder on the backup drive. It’s all up to user preference.
FreeFileSync is easy to use. I will demonstrate its use in the tutorial below.
FreeFileSync is an easy tool to use for backing up a single folder or an entire hard drive's contents. For the next post I'll be showing another tool I use that lets me install and update multiple programs on my computer at the same time. As always, if there are any questions or concerns please email me at firstname.lastname@example.org or leave a comment below.
I remember when I got my first computer back around 2000. It was a great machine when it first came out: it operated quickly, my programs ran quickly, and it didn't act up too much. All of that changed after about three months of use. It started getting sluggish, programs would not run properly, and it would lock up quite a bit. I didn't know what to do at the time, so I just bought a new computer. A few months after that I learned what had been causing the original computer to act up: a lack of maintenance. I didn't have any AV (anti-virus) or anti-malware programs on it, and I did not regularly run two built-in Windows tools, chkdsk (check disk) and defrag. If I had used this set of tools I may have been able to keep the older computer healthy. This post is about how to keep your computer virus and malware free, and it will show you which built-in Windows tools help with file system maintenance.
First let's start with anti-virus programs. What exactly is an anti-virus program? I put these under the umbrella of HIDS (host-based intrusion detection systems). Some may disagree with that classification, but I believe AV belongs there since it monitors the inside of the computer for unwanted software. Examples of AV programs are:
Microsoft Security Essentials
How do these programs work? After installation the program downloads files called signatures: patterns that describe known malicious programs. When the AV program scans the computer it looks for files that match the signatures in its database. Any matches are flagged and the user is told what was found and given options for what to do with it (clean, quarantine or delete). Most AV programs share the same core features: on-demand scanning, real time protection that checks files as they are opened or written, and automatic signature downloads. Because a signature describes malware that has already been seen, signature scanning alone cannot catch brand-new or modified malware; most products add heuristic and behavioural checks to narrow that gap, but none catches everything, which is why the other habits in this post still matter.
In my opinion the benefits of AV software far outweigh its costs. No computer in use today should be without some form of AV software.
Here are some of the pros:
Detection of known viruses, including in real time as files are opened or written
Deletion of viruses
Quarantine of viruses
The cons are small: scans use some disk and CPU time, and occasionally a legitimate program is flagged by mistake (a false positive), so check what the scanner wants to delete before you let it. Today, with attacks so widespread, anti-virus is a basic layer of defense for every computer, though not a complete one on its own.
I use Microsoft Security Essentials. It's a free anti-virus solution available from Microsoft for Windows 7 and earlier; on Windows 8 and later its replacement, Windows Defender, is built in.
Another type of program that is extremely useful for computer security is anti-malware. These programs do essentially what anti-virus does. Strictly speaking, "malware" is the umbrella term for all malicious software and a virus is just one kind of it, but in practice the products sold as anti-malware tend to target the things traditional AV has been weaker at: spyware, adware, browser hijackers and other unwanted programs. In my experience it's best to have both an anti-virus and an anti-malware program installed on a computer at all times, with only one of them doing real time protection so they don't fight each other. Some examples of anti-malware programs are:
Features, pros, and cons for anti-malware are pretty much the same as for the anti-virus packages. These days never have a computer that does not have some form of anti-malware installed on it.
The next couple of tools are two built-in Windows utilities that help maintain the file system and hard drive(s) of the computer. The first is chkdsk (check disk) and the second is Disk Defragmenter.
The first tool, chkdsk (pronounced "check disk"), is a built-in Windows tool that checks a drive for errors in the file system, such as directory entries and allocation records that no longer agree with each other. These errors can prevent the computer from functioning if they are not repaired, and chkdsk can fix them. It can be run from both the Windows GUI (graphical user interface) and the command line.
This is the second method for checking the disk drive, using the command line.
The second tool, Disk Defragmenter, reorganizes the contents of a hard drive. As a drive is used, files end up split into pieces scattered across the disk (fragmentation), and a mechanical hard drive slows down because it has to seek to each piece. Defragmenting puts the pieces back together. Do this only on spinning hard drives: an SSD has no seek time to save, and defragmenting it just adds write wear. This tool can also be used from the GUI and the command line, and I will demonstrate both methods in the tutorial below.
Here’s the command line method of using defragment.
One of the most important things you can do with your computer is to keep Windows patched. What exactly is a patch? A patch is a piece of code that fixes a flaw in a program. When Microsoft finds a flaw in Windows, or is told about one, they create a patch to fix the problem. Sometimes you will see a window pop up saying updates are ready to be installed; these are the patches Microsoft releases to fix those problems. Most patches come out on the second Tuesday of every month, known as Patch Tuesday, though critical fixes are sometimes released out of cycle. Always keep your computer patched: much of the malware in circulation works by exploiting flaws whose patches were already available. There is a GUI window that lets you check for updates any time you want. I'll show this in the tutorial below.
The settings for Windows update can also be set to download important updates automatically.
The last thing is probably the most important task of all: backup your data. I remember on one of my older computers I lost all of my data because I didn’t back it up. Do not make this mistake. With all of the information that is on the average computer these days it is a real pain to have to start from scratch if data is lost.
I run my anti-virus, anti-malware, patch updates, and my data backup once a week. This has been good practice for me and I’m sure it will work well for you.
There is a really neat tool that helps with backups called FreeFileSync. I use this tool to back up my data. I'll cover it in the first post of a new blog post series called Rob's tool box. Thanks for reading this post and if there are any questions or comments feel free to comment below.
Imagine yourself at a Bestbuy or other electronics store, you’re looking at a brand new computer tower that has Windows on it and your heart is set on buying it. After you get it home you go through the setup of the machine and the user account(s). After a few months of using the computer BAM!!!! Everything starts acting odd and you do not know why. All you did was browse the web and install a program on the computer. In the background without you knowing it the program you installed downloaded and installed additional programs on the computer. How did it do this without you knowing it?
Every day many people use their home computers for many things: email, homework, writing, blog posts, and banking or other sensitive activities. Your files have to be protected from unauthorized access, and the first step is to make sure a malicious person or program never gets hold of an administrator account. The new computer in the story had you set up an administrator account and use it for everything, which is exactly what let those extra programs install themselves.
What is an administrator account? First I have to talk about the concept of privileges. Windows has different types of user accounts; the important ones are standard user and administrator. An administrator account has the ability, or “privileges”, to make changes to the system: installing and uninstalling programs, deleting system files, changing security settings, and modifying the network settings. Standard user accounts do not have those privileges. A standard user can create files like documents and spreadsheets and delete the files it created, but it cannot make system-wide changes or read another user's files. When a standard user tries to make a system change, Windows prompts for an administrator's user name and password (if the administrator account has one set). Unless the password is entered correctly, the change does not take place. This feature is called User Account Control (UAC), and its purpose is to make sure unwanted system changes do not happen silently.
For day-to-day use an administrator account should never be used, because you don't want changes made to the computer by mistake. If an attacker gains control of your account and it is an administrator account, the attacker has complete control of your computer; if it is a standard account, the damage is limited to what that account can reach. Another reason to separate the two is malicious downloads. Logged in as an administrator, a program you click on can install itself with at most a Yes/No consent prompt, which is easy to click through. Run from a standard user account, the same program triggers the User Account Control password prompt, alerting you that something is trying to change the system, and it gets nowhere without the administrator's password. This is one way to stop programs from installing without you wanting them to.
Some of you may think that it’s inconvenient to have to type in a password every time you want to install a program on your computer. Think of it this way: you’re trading a little convenience for security. With airports getting to the gates can take a while because of airport security. Computer security is the same way; if you can put up with inputting a password every time you want to make a system change then you will have a layer of defense not only against attackers but also against user error and programs installing themselves without you knowing about it.
Setting up separate user and admin accounts sounds hard, but it is not. It can be done one of two ways: the Windows GUI (Graphical User Interface) or the CLI (Command Line Interface). Personally I prefer the command line for its simplicity and speed, but with the command line you need to know certain commands and syntax in order to create the accounts. I'll cover the GUI first:
Start off by making sure the account you are using is an administrator account
This is required because only administrators can make changes to the system, and that includes creating user accounts.
Click start -> control panel -> user accounts and family safety -> User accounts
After you confirm that the account you are logged into is an administrator account the next step is to create a second administrator account that you know the username and password to. This account will take over the administrator privileges that your daily usage account will no longer have.
Click start -> control panel -> User Accounts and family safety -> click add or remove user accounts
After the setup of the new admin account is complete you can proceed to downgrade your regular usage account to a standard user account.
Close the currently open windows and click start -> control panel -> User accounts and family safety -> User accounts
Log out of the changed account then log back in for the changes to take place.
As an additional measure I alter my User account control settings. I make it more sensitive.
For the more advanced user, the command line can be used to change account types. Each account in Windows belongs to one or more groups, and group membership is what decides the account type. The two that matter here are the Users group (standard users) and the Administrators group.
Open an administrator command line prompt. Click start -> type cmd -> right click on the cmd icon -> click run as administrator
Confirm that the account you want to remove is an administrator by listing the accounts that have administrator level access
Syntax: net localgroup administrators
Log out of the account and log back in to have the changes take place
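The whole command-line procedure in one place, as an added example rather than the post's own commands. It uses net.exe, which works the same from cmd.exe and from PowerShell, and it adds one check the steps above leave implicit: don't remove your daily account from Administrators until the new administrator account is confirmed to be in the group, or you can lock yourself out. The account names DailyUser and AdminRob are assumptions; substitute your own.

```powershell
# Added example, not the original post's commands: the account split done from
# an elevated prompt (Start -> cmd -> Run as administrator) with net.exe.
# The account names DailyUser (the day-to-day account being demoted) and
# AdminRob (the new administrator) are assumptions; change them to yours.
$DailyName = "DailyUser"
$AdminName = "AdminRob"

# 1. See who holds administrator rights right now (the post's first step).
net localgroup Administrators

# 2. Create the new administrator. The lone * makes net.exe prompt for the
#    password instead of leaving it in the command history.
net user $AdminName * /add
net localgroup Administrators $AdminName /add

# 3. Safety check: do not demote the daily account until the new account is
#    really in Administrators. "net user NAME" lists group memberships on a
#    line such as  Local Group Memberships  *Administrators  *Users
if (-not ((net user $AdminName) -match '\*Administrators')) {
    throw "$AdminName is not an administrator yet; not demoting $DailyName"
}

# 4. Demote the daily account: make sure it is in Users (net.exe reports a
#    harmless error if it already is), then remove it from Administrators.
net localgroup Users $DailyName /add
net localgroup Administrators $DailyName /delete

# 5. Confirm, then sign out of DailyUser and back in: the access token is
#    built at logon, so the running session keeps its old rights until then.
net localgroup Administrators
net user $DailyName
```

After step 5, `net user DailyUser` should list `*Users` but no longer `*Administrators`, and `net localgroup Administrators` should show AdminRob (plus the built-in Administrator account, which is disabled by default on Windows 7).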
After separating the accounts, make sure both are protected with strong passwords. Length matters most: a strong password is long and mixes several types of characters (letters, digits and symbols), and the administrator's password must be different from the daily account's. In a later post I will cover how quickly common passwords can be broken, tools that can generate and store passwords, passphrases, and how to make a strong password that is easy to remember.
I hope you have enjoyed and learned from this post. If you have any comments or concerns please feel free to use the comment box below.