What I gushed over a few posts ago has finally happened! SQL Server has a come to Linux (sort of). The database engine is now available as CTP1 and you can get it by adding the repository and running the setup script.
You can follow the walk through for your favorite flavor of Linux, so I won’t repeat that here. it’s really very simple, just a matter of pointing to the correct repository and then apt-get install (Ubuntu). It comes with a setup script that pretty much does all the heavy lifting for you. Keep in mind that this is just for preview so there’s not a lot of options and it sticks everything in a single set of directories (logs/data/tempdb).
I had a small problem when I did the install, but it turned out I just needed to update a few packages. In the event you’re not a Linux person, here’s the easiest way to fix this:
$ sudo apt-get update
$ sudo apt-get upgrade
There’s a lot of stuff to dig into in this release, and as newer versions come out I’ll get more in-depth, but I just wanted to make a quick post about what I did in my first thirty minutes.
After the install, I connected via SQLCMD, as there is no SSMS in Linux yet, using the sa and sa password set in the install. I then created a table, dropping a single row into it and then selecting. Not terribly complex stuff.
I took care to try different cases, adding and neglecting brackets ‘’ and semicolons. It responded how I expected it to react if I was on a Windows system, which is very reassuring. It’s nice that my T-SQL skills translate seamlessly to the Linux environment, at least internally to SQL Server.
Next, I put my box ‘U64’ on the network and lo-and-behold I was able to remote into it by its Linux hostname from SSMS 2016 on a Windows machine. No additional setup was required. Microsoft appears to be taking this integration of the Linux and Windows environments seriously.
I then created a SQL login for myself and logged in that way. No issues.
This is of course just for CTP1, so a lot of these items will probably show up later. I mean, SQL Server without the SQL Server Agent? That doesn’t even make sense (I’m looking at you Express Edition). There is sort of cascade effect as other items like Maintenance Plans and such that rely on these missing features also being MIA.
Also, larger items like Availability groups will also be absent because there’s no Linux analogue for them currently. From what the SQL Server team said in their AMA on reddit they’re toying around with RedHat clustering as a replacement for this in the Linux environment.
The last thing I did before the end of my 30 minutes was to look at the version. As you may or may not know, the Linux version is based on SQL Server vNext, which (as the name implies) is the NEXT version of SQL Server. There was some talk about it being a port of SQL Server 2016, which does not appear to be the case.
Microsoft SQL Server vNext (CTP1) - 184.108.40.206 (X64)
Nov 1 2016 23:24:39
Copyright (c) Microsoft Corporation
on Linux (Ubuntu 16.04.1 LTS)
And that’s it! As mentioned before I’ll be doing deeper dives into this as time goes on, at the very least with each CTP. But I have to say I’m happy with the results so far. Everything (that was available) worked as I expected it to work. Nice work MS!
While I’m putting together my big update on Inventory Manager, I thought I’d take some time to throw confetti into the air. There may be some excited clapping as well. I warned you.
I largely see myself as platform-agnostic. While I think that certain companies do individual products well, I also believe it’s fair to say that none of them do everything well. I use Android phones and Apple tablets, Linux for home (mostly) and Windows at work. Heck, I’ve got a Roku and a Chromecast because they both do things that the other doesn’t. I’m all over the map, but all over the map is a great place to be, especially in the tech industry now.
Despite all of this, I have to admit I am partial to Free Open-Source Software (FOSS). Give me a choice between Ubuntu and Windows, and all other things being equal, I’ll choose the Debian-based option. I’ll admit my biases.
So, when MS started moving in this direction I was happy. I wanted to see this trend continue, and boy has it. First of all…
When Microsoft announced that .Net was going open-source, I was cautiously optimistic. I’m not a big .Net coder, but I could see the benefit and was hopeful that MS would continue down this path. This lead to some cool things that I thought I’d never see in a million years, like .Net running on Redhat.
There’s understandably some cynicism about Microsoft’s true intentions, as well as their long term goals, but this is the cross-over that I’ve been wanting to happen for a while. Blending the strengths of RHEL with .NET on top is a great start. If the .NET development platform can be ported, why not parts of the Windows Management Framework? We could even one day see…
I didn’t always like Powershell, in fact prior to Powershell 3, I just referred to it as PowerHell. Since 4.0, however, it’s no secret that I’m a fan; one look at my github will tell you that. I like its logical approach to (most) things and that it works for simple scripts quite easily, while being a powerhouse (no pun intended) behind the scenes.
This shell coming to OSX and Linux will be a boon for both systems. While I am, and will probably always be, a bash scripting guy, Powershell in Windows just makes everything so gosh-darn easy. If I could whip up a PS1 script with a few imported modules and attach it to a cron job with ease, then I think everybody wins, mostly me. But, if I decide that I want to use bash instead, that’s okay because…
This isn’t a one way transition. Microsoft is making a trade, bringing one of the most widely used shells to Windows. This not only makes scripts more portable, but also knowledge.
Have some ultra-fast Linux bash script that works wonders? Super, you now have it Windows, too. Wrote a script to do some directory work in Powershell? Great, you now know how to do it in Linux.
There are very few downsides to this, other than the obvious security issues and that it isn’t truly a stand-alone shell (it’s part of Ubuntu on Windows). In any case, it allows interoperability between software from different systems. This is great now that…
This isn’t technically going open source, as it will run inside a container, but the idea that this will now be possible and supported is like something out of my greatest dreams.
I have a maybe-controversial opinion that SQL Server is the best relational database system out there. For all its faults, I’d rather use SQL Server 2005 SP1 than Oracle 12c. Just the way I feel, and for reasons I won’t go into here. I hope the things I like about SQL Server translate to the Linux environment.
The fact that Ubuntu is supporting this with Microsoft is great. I can’t wait to use my favorite OS with my favorite database engine on the same system.
There are other items I’ve glossed over, but these are the big ones to me. Soon, we will be able to run SQL Server on Ubuntu Linux with cron jobs executing Powershell for a .Net application that resides on an RHEL box. *excited clapping* (I warned you.)
A month or so ago I did a walk-through of some simple computer forensics using Deft 7 Linux (Carve and Sift: My Primer to Linux Computer Forensics). There have been several other versions of this distro to come out since then, but now that the beta for 8.0b has been released publicly, it marks a slight shift in the way Deft handles.
While my previous guide is still valid, there are a few additions that really place this version above its predecessors. Now, I’m not going to go through every change, you can do that by going to their website, but there are some really neat features that I’d like to point out.
The first thing that will hit you when you start Deft 8.0b is the new layout. While the base operating system is still Ubuntu (Lubuntu to be precise) the LXDE desktop has been further customized from its 7.x version and now looks and feels like its own OS rather than a 1-off from an Ubuntu derivative. The menu is themed for Deft 8.0 with a little 8-ball and more icons have been added to the bottom panel.
The desktop still has the LXTerminal (a must) and the evidence folder, but gone is the “Install” option. Since this is a beta version it is unclear whether this is gone forever or if it will be back later. 8.0b is certainly installable as the boot menu attests.
Guymanager, a very nice disk managing/imaging tool, has been added as well as the file manager for quick access. You’ll see in my screenshots that there is a “Get Screenshot” icon on the desktop, but that was added by me for this article and is not default.
The menu panel is almost entirely new, with only LxKeyMap being carried over with the standard desktop selector. There is a whole host of new software moved in, some from previous versions of Deft but were housed in the menu (like Autopsy) or on the command line. All-in-all this is a good move, as the most used programs are put front and center and the more specialist and less-used are in the easily navigable menus.
Deft 8.0b brings a lot of new software to the distro by default and the latest versions of most of it. This version is 64-bit only, and able to work in up to 256TB of RAM. Previous versions could only “see” 4GB because of the 32-bit limitation.
Again, their post on the update gives a broader view of the changes, but there are a few that I wanted to note in summary:
Cyclone is now at 0.2 and appears to be mostly the same as before. I’m assuming the changes are back-end.
Sleuthkit 4.0 stable is now included, but the Deft devs say that 4.1 will be on the official 8.0 release. [Website]
Guymanager 0.7.1, mentioned before, is a very nice forensics tool/disk mounting utility. [Website]
Tor is now available pre-installed with browser. I’ve not much use for this, but it is an increasingly-popular internet-access method. [Website]
Skype Xtractor is also new and is probably my favorite addition to Deft 8. While I’m not a criminal investigator, and I’m generally only using the distro for file-recovery, its future utility could be invaluable. Skype Xtractor is a command-line program that extracts the tables from Skype’s main.db and chatsync files and outputs them to html. So far, you can only get it on Deft 8, but it’s so useful I can’t imagine that it won’t show up elsewhere.
New Everything Else
Almost every other piece of software has gotten an update since Deft 7 and some have been given GUI front-ends, which is nice for beginners or those not terribly familiar with Linux command-line. The focus on 64-bit architectures with this version will mean that it probably won’t supplant my use of Deft 7 completely; there are quite a few machines in use out there that are single-core systems.
If you’re familiar with Deft 7, then I’d recommend getting 8 and using it on your 64-bit machines when able, since everything that was in the previous version is in this one (even though it’s beta) and better. Switch back to 7 only if you have to do so. However, if you’re new to computer forensics then I’d recommend sticking to 7 or waiting for the official Deft 8 release which should be very soon.
I’ve always been a DIY kind of guy when it came to technology, and the idea of giving my data to cloud services such as Dropbox or Box.com (and whoever has access to that data besides them) seemed a little iffy. The cloud, as great as it is for some things, isn’t really built for too much security. Keeping data private on an internal system is hard enough, but throwing it out to the internet only multiplies these issues.
That’s where BitTorrent Sync comes in. Built by BitTorrent Labs (and using the BitTorrent Protocol), this solution boasts that it will allow you to sync between different OSes, securely, and without throwing any of it out to the cloud. This increases security incredibly, and isn’t that hard to set up. I put it on my Linux laptop (Stu) and a Windows 8 desktop (Zer0), both of which I’ve used in previous projects. It works, but it has a few caveats as you’ll see below.
Installation on Linux
Linux installation is fairly easy, if a bit obtuse. Instead of an installer of any kind, the package for BitTorrent Sync comes with a License.txt file and a single btsync binary. To start up the software, simply unpack it, navigate to the containing folder in a terminal and run the ./btsync command. That’s it.
[code]$ cd /Location/of/File
However, unlike it’s Windows and MacOS brethren, there’s no independent GUI to use. You’ll need to open a browser and head to a webpage to administer it. In most cases you can use the address 127.0.0.1:8888
From there you can select the folder you want to sync as well as generate a secret key for said location. The key is to allow other computers on your network to access the folder securely. Barring any conflicting firewall settings on your local machine, this should just be a matter of putting in the secret when you add a folder.
If you need the key from a folder you’ve set up previously, you can get it again from the gear icon next to the listing in BitTorrent Sync. Also, if you head to the Advanced tab you can grab a “Read-Only” secret. If you use this key when setting up another computer, it will read from the folder but never write to it. This is useful if you want the updates to go only one way or you want to give someone the ability to see what’s on your machine without running the risk of them deleting or altering the files.
Installation on Windows
Next, I went to Zer0, my Windows machine, and installed the software. From what I understand, the Windows and MacOS versions are pretty much the same, so other than the intricacies of the Mac platform the installation and use should be very similar.
After running the installer, you’ll be presented with a page that has several tabs. Go to the “Shared Folders” tab and click on “Add”. Put in the secret from the share that we want to access and click “Okay”. It should have all the information it needs to connect and start syncing. Mine did it automatically and pulled the four or so test files with no further work on my part.
You can also add a local folder and sync it here. By default it’s the btsync folder in your Documents directory. I just left this as it is for my testing purposes.
Tweaking the System
Now that it’s set up, you can do a few more things to shape it to your preferences. As you first may have noticed you can add any number of folders to sync, for no cost unlike most cloud services. So if your primary concern is just moving files back and forth behind the scenes (as I do) then that’s probably this setup’s greatest strength beyond security.
There are further options as well that fall into the more advanced users’ category. On the Preferences page in both the Linux WebGUI and the Windows application, you can set rate limits, alter whether the software loads at boot and some other odds and ends. In the Advanced section, you can do even more. Here’s a quick rundown of these options:
disk_low_priority: If True, BitTorrent Sync will set itself to Low Priority on the system. Turn this on if you’re noticing serious speed problems when using BitTorrent Sync
lan_encrypt_data: If True, BitTorrent Sync will encrypt data sent over the local network. Turn this on if you want to hide your traffic from others who may be using the same network as you.
lan_use_tcp: If True BitTorrent Sync will use TCP instead of UDP for local transfers. Will use more bandwidth but will be (at least theoretically) more reliable.
rate_limit_local_peers: If True, BitTorrent Sync will apply rate limits (set in General Preferences) to local users. By default rate limits are only applied to external peers (those not on your network).
In Linux, these options as well as a few others are all stored in the configuration of btsync. You’ll need to go to the folder that you have btsync running in to access it. First, you’ll probably want to output a sample configuration and open it in a text editor to see all options you have. There are quite a few.
It’s pretty self-explanatory, but I want to direct your attention to the username/password fields. Remember that webpage we went to earlier to set up the shared folder on Linux? Well it’s actually hosted from your machine, meaning that anyone who as the access to the network can pull up your BitTorrent Sync options and mess with them. So it might behoove you to set this option.
Once you’ve organized things the way you want them in your sync.conf file, save it. Now, you can import it back into the BitTorrent Sync application by running btsync with the modified conf file as such:
[code]$ ./btsync –config sync.conf[/code]
Worth the Effort?
And that’s pretty much the ins-and-outs of the BitTorrent Sync application. I imagine that I’ll be using this not as my primary software to sync things between machines or as backups, but I will have it move files and folders from one machine to another periodically. Perhaps one could set up a backup drive on a server that just copies one way from all the machines that are linked to it. I imagine that could be a project for a different day.
On the whole this is a nice piece of software that pretty much does what it says it’s going to do, and securely. I know it’s Linux, but the lack of a real GUI and the complication of editing advanced options by way of the .conf file is kind of a downer. I’m totally fine with using the command line (in some cases I prefer it), but that drags down the score a bit on this one because it’s not very user friendly. Still, a fine piece of software that I will definitely be utilizing in the future.
Rating: 4.5/5 – Pretty darn good. However, the Linux version takes a little work to get customized and the Windows/MacOS advanced pages are a little confusing at first.
I was rummaging through some old software of mine a few weeks ago and taking stock of the old operating systems that I had commercially. I noticed that along with some older versions of Redhat and Ubuntu Server, I owned every version of Windows since 95, including quite a few server versions. I wondered what I could possibly do with them, since I don’t even use my store-bought copy of Windows XP anymore.
Then I looked at my new Galaxy Note 10.1 tablet and got an idea. I wondered if I could get Windows 95 to boot on it. So, I fired up Virtual Box and an old machine I had and got to work.
Note: I am using Ubuntu 12.04LTS and a Galaxy Note 10.1 to do this project. Also, I had access to another, older machine with which I could install Windows 95 myself. Your mileage may vary.
There are a few ways to go about this. One is to use Virtual Box to create working Windows 95 VDI file and then convert that to an IMG after you’ve got it running and another is to just find a computer with Windows 95 and make an image of the drive. Either way you’ll have to do three things:
Install DOS 5.x or better before installing Windows.
Install Windows 95 and get it working.
Make your image (.IMG) file.
Now, I’ve tried both ways, and they’re both complex. In the first example, using Virtual Box to create a Windows 95 compatible area for the OS to work in is a pain. This is because the Windows 95 disk is not bootable (and neither is Windows 98 for that matter). You have to have DOS 5.x or later installed first and THEN go to Windows 95. This is as much work today as it was back in when Win95 came out.
Then, once you have Windows 95 running you need to get all the drivers (and you’ll probably have to use an older version of Virtual Box because of compatibility issues), some of them custom-made, install them, and squash bugs as they come up.
When you have everything set up Virtual-Box side, you can convert the VDI to an IMG file to make it usable with the vboxmanage command in termninal:
vboxmanage clonehd Win95.vdi Win95.img --format RAW
This is not the method I recommend, as it is the hardest even with a walk-through, however it may be the easiest for people with limited access to hardware. I had, luckily, a piece of hardware that would run Win95 with minimal effort so I went that route.
First, I put I installed MS-DOS 5.0.7 (available legally and for free here) from some image files to actual real-live 720KB disks. Yes, I still have a few of those. Then I set up my CD-ROM*, no small feat, and began the Windows 95 install.
Once this had been done, I pulled the HDD out of the computer and connected it to an IDE slot in another machine. I then used the dd command to make a raw image file of the newly-added drive. This ended up giving me a large file because I had given a Gig of space to the virtual drive so I’d have lots of space to move around. You could probably get away with only 200 or 300 MB if you wanted to do so. In any case, the command to image the drive was:
Now I had my Windows 95 image and it was time to get it running on the tablet!
There are multiple ways to get Windows to run on your tablet once you have an image you like. I personally went through my version and pulled out all the things I didn’t want so I could create a smaller image. I eventually got the entire thing down to 200MB, but that was with a lot of work. There are also two ways to get the image running on your tablet. There’s the way I did it initially, and then the easy way. I’ll be showing the easy way and then give a brief overview of the more difficult path.
The Easy Way
You’re also going to want to use something like AirDroid, which I’ve reviewed before, to move the files over because chances are you’re going to be doing this a lot. As you make tweaks or move different things back and forth that GUI is going to come in real handy.
Move your image file over to your device and take note of its location. You’ll probably want to write it down or something, make sure you note the CASE of the letters, because that will be very important. Also you’ll need to make sure you have enough space to copy the image over to the working directory of the emulator that we’re going to use here in a minute. So you’ll need at least twice the space of the original IMG file to use it.
Go to the Play Store and find Motioncoding’s Emulator. It looks like an Android with the Windows XP flag colors on it. Download, install and run it.
Once running, go through the menus (using the forward/back buttons, it really couldn’t be more simple) until it asks you to install libSDL and do so. Then select the option under “Import from Library” to Add Custom Images. Name the image whatever you want and put in the path to the image in there. For example, mine is:
Select the image from My Images and continue to the end. You should see your OS boot.
The Hard Way
The reason I’m putting the hard way on here is because it gives you a bit more control over your install and, I think at least, runs a bit faster. In any case I’m going to assume that you’re doing it this way because you’re a little more experienced/curious and don’t need me to hold your hand.
Step one is getting a working version of the SDL apk and installing it. You can do a quick Google search for it, but I’m not sure of the legal ramifications (or its copyright) so I’m not putting a direct link here. Keep in mind that you will need to allow “Apps from Unknown Sources” to be installed on your device. This can usually be found in the “Application Settings” area, depending on your version of Android.
Place your Win95 image in the SDL folder with the APK and rename it c.img, and load SDLlib. You may have to do more tweaking at this point as Networking didn’t work out-of-the-box for me. I needed to modify some already existing .bin and .inf files to coax them into doing what I needed to do, and even then it’s a little haphazard. You’ll need to have some method of editing the img file if you can’t get networking going or you’re going to need to re-image the drive every time you want to make a change.
This way you’ll also have access to the BIOS and VGABIOS bin files, if needed, but I didn’t end up touching them.
My reasons for doing this were purely academic. I just wanted to see if I could get it to boot and get it usable. After several weeks of poking at it I was, by all of the above methods, able to get 95 and 98 going this way. Windows 98 was just a matter of upgrading 95 and creating a new image file. I can’t think of many reasons to do this other than for the learning experience, though there are lots of pieces of software out there that don’t work so well in modern versions of Windows and maybe you want to take them with you.
Also, I was able to get my Logitech keyboard/mouse combo to work through the 30-pin charging port, and while dragging the cursor across the screen and “clicking” by tap was interesting, the keyboard is the way to go. It’s just too cumbersome for daily use otherwise.
So there it is, an Android tablet booting Windows 95/98! You can supposedly do this with Windows 2000 or XP, but I have not tried. If you have let me know, because I’d be interested in how you got native NTFS to work.
*There’s no instruction here because it really depends on your CD-ROM as to how you’d go about this. You’ll have to find one that will work with Win95 and DOS. I had one in the machine already so it was just a matter of setting it up manually through DOS.
I had been putting off posting about this project until I had gotten RaspBMC to work, as that was step two, but it looks like the problem I need to be resolved is going to be a little while coming. So, I’m going to come back later and put an update if I get it running correctly. Either way, the Raspbian (the Debian Wheezy Raspberry Pi distro) setup is pretty clear and the same for every model of Raspberry Pi.
Here is the hardware that I’m working with:
Raspberry Pi Model B
Logitech USB Wireless Mouse Keyboard combo
4GB SDHC Class 10 Memory Card
Edimax USB wireless adaptor
4GB USB stick (for extra storage)
Gearhead Passive USB hub
USB 1.0A power adapter and Micro USB cable
I did this all in Ubuntu 12.04, so my work will be related to that OS; though commands are pretty similar across many distributions. Also, I have an SD card slot in my laptop, which means I did not need an adaptor to access the card directly.
The first step is to get the image on the card. I snapped in the card, it mounted and I went to the disk utility to find out where it had put it (in the system). It was mounted at /dev/mmclbk0. Once I knew that, I was ready to go get the Raspbian OS.
You can get the latest image off of Raspberrypi.org’s downloads page. I’d recommend the straight Raspberry Pi Wheezy image, as the “soft float” one is slow, and the others are more for advanced users that want to do very specific things.
In any case, once I had it downloaded I checked the SHA1 sum, because we’d hate to have a corrupted image from the word go. If you’re unfamiliar with SHA1, then it’s simply a method of verifying file integrity. Quite basically, an algorithm generates a unique number for a file and then that number can be checked against a copy of a file to make sure that it’s in good condition. In terminal, and in the folder that I downloaded the file into you put the command:
And you’ll get an output that looks something like the string listed on the downloads page. In my case, I was looking for the following: b4375dc9d140e6e48e0406f96dead3601fac6c81
Then, I just opened the archive and drag/dropped the file into a folder I had created previously, and returned to terminal. We’re going to be using the dd command to copy the extracted image (input file) to the card (output file). We’ll set the byte size to 4M and need be superuser to do this. My command was:
Once it was done, I unmounted my card and slapped it in my Raspberry Pi for boot. On first boot you’ll get a lot of options. I’m not going to go through them one by one, as it’s pretty clear what each one is. The two I want to point you to however, are the expand rootfs and the memory split.
Expand rootfs is necessary if you have, like me, a larger than 2GB SD card. This opens up the rest of your card to be used by the system, so you have more storage space for your OS.
The memory split is important because the Raspberry Pi has a unified memory structure, meaning that it has one unified “bank” of memory that it divides towards certain tasks. If you’re going to be doing processor-heavy tasks like number crunching or multiple cron jobs, then you might want to push this towards the system memory side. However, if you intend to be using a lot of the graphical features, then you might want to lean towards the GPU.
The system is installed and ready to go. If you hit a command-line on boot, use startx to start the X Windows system (the GUI), and that’s it. I spent a good few hours customizing it, changing the wallpaper and such, but also removing and adding some software from the system to make it more useful to me, but that’s the basic setup.
I’ll come back at a later date if I get RaspBMC working, but as of right now it forgets that I have a mouse and keyboard attached to it, and there isn’t a simple solution that works so far. Everything works in Raspbian, and I’ve got quite a few things that I want to do in that, including Python that I mentioned in a previous post.
Recently, I’ve turned my attention to Python, the programming language. I had some work with it in the past, but never really gotten that far. As a hobby, it was time consuming and other things got in the way. Now that I’ve freed up a small chunk of time every week I’ve decided to devote that to working on learning the new Python 3, since 2.x is going away eventually.
I quickly found out that Python 3 is not directly supported on my platform of choice: Ubuntu 12.04 LTS. So, I needed to get this running from scratch, which involves downloading, compiling and making it easy to get to for working in.
Compiling and Installing
If you haven’t done so already, you’ll need to get a C compiler for Ubuntu. In general, it’s good to keep this resident on your machine anyway, since you don’t always know when you’ll need it and it doesn’t take up a whole lot of space.
sudo apt-get install build-essential
Then, we’ll need to get our Python installer from the web. I’m currently pointing towards the 3.3.1 version, but there will always be newer versions on the horizon, so check the download page.
This will download and the bzip tarball of the source code from the python website. Then, we need to un-ball it and change to the newly created directory.
tar jxf ./Python-3.3.1.tar.bz2 cd ./Python-3.3.1
Lastly, we’ll configure the source code, tell it where to install and then point our compiler (the first thing we did) at Python and tell it to put it all together.
./configure --prefix=/opt/python3.3 make && sudo make install
And now the basic Python core is ready to go. You can test it by putting the following in the command line.
You should get the following output, or something quite similar:
Python 3.3.1 (default, May 12 2013, 22:10:01)
[GCC 4.6.3] on linux
Type "help", "copyright", "credits" or "license" for more information.
A command line-type of person may want to create a symbolic link that will let them have a sort of “python command”. Keep in mind that in the following code, you can substitute the “/bin/python” for anything you want the command to be (ie. “/bin/py” or “/bin/pthn” which will make the command py or pthn respectively).
If you’re anything like me, then coding directly from gedit or the like is cumbersome and not really all that fun. I like options, a GUI and all the bells and whistles, so I went looking for a an IDE.
Netbeans was the first choice, as I’d used that before for PHP work. Here, I wanted something more dedicated to Python. If you do decide to go this route, make sure that you get the one from the Netbeans website and install it yourself. The version in the Ubuntu Software Center is terribly out of date and judging from the reviews, fatally flawed.
My second choice was KomodoEdit, the stripped down version of the Komodo IDE which I’ve heard some good things about (but never used). You can get it for both x86 and x64 as an AS package from their website.
If you have another IDE that you like better, let me know and I’ll take a look at it. I’m always on the hunt for a better/easier way to code.
Actually, the title is a bit of a misnomer. I’d already learned a bit about computer forensics and the process of recovering files on Windows operating systems some years ago. I had pulled a lot of lost data from a machine that had unexpectedly quit working, saving a lot of customer data for a person who, for the sake of their employment, shall remain anonymous.
However, the method I went about it could hardly be called “forensics” as I had to install some software to a USB and I still had to boot into the OS. I did a lot of writing to the disk (a forensics no-no) and not much was really preserved intact, but I did manage to save what needed to be saved. It really didn’t feel like I had done anything that would be useful to, say, a crime lab.
A few weeks ago I was asked if I could perform such a task on a newer Windows 7 laptop, one with a terabyte hard drive, resurrecting some home videos and photos that had been deleted. I jumped at the chance for three reasons: First, these files were of special importance to this person, as one of the family members had died recently and had failed to back them up. Secondly, this gave me a chance to try out the new Deft Linux package on a computer that I could actively see if it was successful. Lastly, the data was relatively nonvolatile. If I accidently wiped it, then no one was getting fired.
I downloaded and burned Deft Linux 7 onto a DVD and got to work. Deft is a Live Disc, meaning that the OS loads from the DVD rather than a hard disk, and is largely based on Ubuntu. The Deft Distro itself is an amalgamation of both Linux and Windows software (through WinE) put together by some people in Italy. It has an English version, and is just about as all-inclusive as you can get with the Linux tools. It also is set up not to mount any drives until you tell it to, and even then you can specify to mount as read-only or full access.
After looking through the impressive and useful manual on their website, I concluded that the pieces of software that I was going to use for the job were cyClone, Foremost and Scalpel. Luckily, there is a GUI front-end for the latter and a menu-driven command-line interface for the former. This was just about as simple as it could get.
The first step in getting the data off of a drive is to Carve it. That is to say, you “carve” out the piece of the drive you want to look at and put it somewhere else, some place that ideally has more space or maybe more computing power. In my case, I didn’t have the time, nor interest, in installing the software on my Linux boxes, so I just carved and set it aside.
Also, I wasn’t particularly interested in the entire drive, as they only really used the first 200GB of the 750GB that had been allotted them on the main C: drive. It would have been too time consuming and not revealed much to look at the last ~550GB of it. So, I carved only the first 200GB and placed it on one of the SATA drives that I had made in a previous project. If you want to get really fancy, you can run the command-line dcfldd which is the US Department of Computer Defence Forensics Lab’s enhanced version of the dd command.
Remember before when I said that Deft didn’t mount the drive and you could select to mount as Read Only or Full Access? The reason for this is that data is written to the disk when they are mounted in Full Access mode which is default for almost every OS out there. If we’re police investigators trying to get clues about what’s on a computer, we certainly don’t want to taint the crime scene by scribbling all over it. Mounting a partition in read-only mode prevents the us or the OS from accidently doing just that.
This is the part that takes the longest. Now that we have our cloned drive, we need to go through it and pull out all of the files we need and organize them. There are many ways to do this, but the easiest in Deft is to use the Hunchback GUI. This is a GUI front-end for for the scalpel and foremost command-line pieces. Options in Hunchback aren’t as robust as they are from the command-line, which is usually the case, but they were good enough for us.
I selected all the picture and video types, ignoring things like PDFs or EXEs. Then I pointed to another external drive (from a previous project) and told it to drop all the files that it found in that folder and arrange them by type. The software creates folders for each one and copies what it can accordingly.
Once that was done, I re-mounted the internal 750GB drive with full access, dropped the files I had sifted onto it, and I was done. Now, they could look through the files at their leisure (tens of thousands) and get their deleted files back.
A Further Word
This above, while definitely not a how-to, is a very simple way of getting data off of a Windows or other OS’s drive without disturbing the contents. You could even stop at the image stage and take it with you to sift later. It is an EXACT copy of the drive, deleted files and all.
Deft also contains a gargantuan number of other useful tools for doing things besides straight computer forensics. It also has utilities for network forensics, encryption study and more. If you’ve ever been interested in Computer or Network forensics, then Deft is a must have. It’s definitely tool number one on my belt for this kind of work.
I tweeted the other day about Google’s new Chrome Office Viewer Extension (COVE?) that was in beta. It would allow users to see Office documents (as in the Microsoft kind) right in their web browser window. I excitedly talked about how it may move me to Chrome, because I do open a lot of web-hosted word processing documents. It sounded exciting!
Moving from one browser to another would be a herculean task for me, but I was willing to do it for such a neat feature, if it worked as advertised. While importing bookmarks are no big deal, moving my encrypted passwords (some to sites that I don’t even remember I used) and tying a Google account to it are not something that I particularly wanted. But I was willing to give it a try.
I downloaded Chrome on my laptop and desktop and set about getting the extension. However, I have been unable to get the extension to install. Google has disabled it for the two operating systems I use the most: Windows 8 and Ubuntu Linux. I even tried launching Google Chrome in Windows 8 Mode, but to no avail. While this is beta, I can’t be the only one who uses these two OSes, or just one of them exclusively.
This left me rather disappointed and solidified me more into the Firefox camp, where all my stuff resides anyway. Maybe I’ll keep Chrome around for a bit longer just to see what’s changed since I’ve last used it, or wait until the Office Viewer gets a proper release, but Firefox is still sitting pretty in my book. I’ll stay there and possibly try again when this comes out of Beta.
A few weeks ago, I had put together a project to turn a few eSATA drives that I had lying around into a few mobile digital vaults. This was a complete success, and gave me a bunch more room to do future projects. However, it did not give me an easy way to access these drives, especially the one attached to my main Windows machine and my laptop. Having to unplug/replug every time was proving cumbersome.
So, I decided to make my “mobile” drives a little more permanent, and then just give access to them across a system of three computers via wireless. This would give me 750GB between the machines with which to divvy up as I saw fit.
I’ll be approaching this in three parts:
Setting up the 500GB on the Windows 8 machine (Zero) and sharing.
Setting up the 250GB on my Ubuntu File Server (Crusher) and sharing.
Connecting a Laptop (Stewart) and Zero and Crusher.
In my scenario I did not need to share to my file server from my Windows 8 machine. There’s no reason for it to access it, if successful, from anything other than Zero or Stewart.
So, step one was getting my shares running on Zero. The first thing I did was make sure my networking was all in line. Prior to this, I’d only ever used the Windows 8 computer to connect to the internet, never as part of any network. It had been part of another network previously, but not since the OS was upgraded.
In System Properties> Network ID I set it up as part of a Home Computer and gave it the Workgroup “ZRO_WG”. This is so I have an easy way of recognizing this machine on the network uniquely. Then, I simply shared the Rinder500 drive and set it to require a password.
Even though on Windows 8 your login is an email address, you’re only concerned with the username of the account. So if your account is SomeGuy@Somewhere.com then your user name is most likely going to be just “SomeGuy”. In my advanced sharing options (right-click, Advanced Sharing) I put a comment on the share to easily identify it, required a password and a simple name “rinder500”.
And that was it.
In Ubuntu it was almost just as easy. I’m currently running Ubuntu 10.04 Server LTS on my file server, because I’m trying to stay away from Unity as long as I can*, and that’s what was around when I first put this machine together. That should also give you an idea of its age. Keep this in mind as I proceed as some of my methods may not work for new versions or the problems I had may not even be an issue anymore.
You can Share a drive on Ubuntu just like you would share any folder, since that’s how they’re treated when mounted. You do this by heading into the drive, in my case /media/Rinder250 and right-click to share. Then, I used the shares-admin command from terminal and added the users I wanted and verified that my shares had been added properly.
Your Workgroup defaults to your machine name, so it was Crusher for the file server. I used a local user (me) as someone with full rights to the share, just to keep it simple. But, you can use this method to add any number of users to the share and give them different permissions if you want.
To do any of this however, you will need to install Samba. You will be prompted for it when you try to share, so this isn’t an issue, unless your server isn’t connected to the internet for whatever reason.
Building the Intranet
Now that I had both of the shares created, it was time to link all of them together. I had three machines that I wanted to link together: Zero, Stewart and Crusher. All three had different OS’s and different needs so I’m detailing them individually.
Zero is the Windows 8 machine and sharing the 500GB eSATA drive. The only one that it needed to link to was Crusher. I scanned the network (by doing the cumbersome task of clicking on the Network) and selecting Crusher.local. Then I put in my username and password for the share and Viola! everything was able to be read from and written to.
Crusher is the Ubuntu 10.04 Server sharing the 250GB eSata drive. This got complicated, mostly because of the way Samba (on 10.04 at least) handles Windows shares. You can’t just find the share in the network, double click on it and be good. You have to manually type in the address and then fill out the user/pass information. Using the Go > Location menu and then putting in something like:
Note the case of the case of the words, as they are important. The workgroup has to be in upper case and the username and share need to be in lower case. If it isn’t put in exactly as you see here, then it won’t work.
Stewart shared nothing, but needed to access both shares on Crusher and Zero using Ubuntu 12.04. This one was finished just like Ubuntu 10.04 machine, except that I had to put in two shares. Also, instead of an IP for Crusher I was able to put in just crusher.local. Other than that, exactly the same.
On the two Ubuntu machines I ended up making bookmarks for them, so I could easily get to them without having to type in that long address every time. If I reboot the server, which is rarely, and I don’t have a static IP assigned, I will need to add the share again and bookmark it again.
Now that I have put together these shared drives, I can move or save things to them across the network. I will be using these network drives in the future, when I will attempt to digitize my movie library.
*As mentioned, I do have 12.04 on my laptop, Stewart.