Sunday, March 25, 2012

Digital Forensic Analysis

After a week of hibernation, it's time to move again..  >:)

So, in this post I'll try to perform a simple digital forensic analysis on an image of a floppy disk. You can download it here:
I use the BackTrack OS in this post, because Linux already ships with some basic forensic analysis tools. Working on an image rather than on the original floppy is the important part: every step below is done on a copy, so the original evidence is never written to.

As mentioned above, Linux comes with some basic forensic analysis tools, such as:

Sunday, March 18, 2012

MP3 File Structure

File structure is what makes up a file. A file is the smaller unit inside a filesystem. A file can't really be called a "file" when it is not structured. The structure of a file is important to make that file readable, because when it is not properly structured the system won't be able to read it. There is also a standard for each file structure, so a pdf file named A will have the same structure as B, C, D or any other pdf file. The file structure of each filetype is also different: an .avi file has a different structure from a .doc file.
In this post I'll try to explain the structure of an mp3 file.   :)
Who doesn't know MP3? MP3, or to be more specific MPEG-1 or MPEG-2 Audio Layer III, is a patented digital audio encoding format that uses a form of lossy data compression. It is a common digital audio format used widely around the world. When we talk about mp3, it cannot be detached from music. I think we all listen to music every day, and as you probably already know, most music is encoded in this format. An mp3 file is not one big blob: it usually starts with an optional metadata tag (ID3), followed by a sequence of independent audio frames, each of which begins with a 4-byte header that describes the frame that follows it.
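To make the structure concrete, here is an added example (my own code, not from the original post) that walks an mp3 file frame by frame. It decodes the standard MPEG-1 Layer III frame header fields (sync bits, version, layer, bitrate index, sampling rate, padding) and uses them to compute each frame's length and jump to the next one. The sample file it builds is constructed by hand, so the script runs offline; a real file would simply be read from disk and passed to `walk_frames`.

```python
"""Walk the structure of an MP3 file: an optional ID3v2 tag, then MPEG audio
frames that each begin with a 4-byte header.

Added example, not code from the original post. It decodes the standard
MPEG-1 Layer III header fields; the sample file at the bottom is constructed
by hand, not taken from a real recording."""
import struct

# Bitrate (kbit/s) for MPEG-1 Layer III by 4-bit bitrate index; 0 = free, 15 = bad.
BITRATES_MPEG1_L3 = [0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320, None]
# Sampling rate (Hz) for MPEG-1 by 2-bit index; index 3 is reserved.
SAMPLE_RATES_MPEG1 = [44100, 48000, 32000, None]


def id3v2_size(data):
    """Length of a leading ID3v2 tag including its 10-byte header, or 0 if absent.
    The size is 'syncsafe': 4 bytes of 7 bits each, so 0xFF never appears in it
    and cannot be mistaken for a frame sync."""
    if len(data) < 10 or data[:3] != b"ID3":
        return 0
    size = 0
    for b in data[6:10]:
        size = (size << 7) | (b & 0x7F)
    return 10 + size


def parse_frame_header(hdr):
    """Decode one 4-byte MPEG-1 Layer III frame header into a dict, else None."""
    if len(hdr) < 4:
        return None
    h = struct.unpack(">I", hdr[:4])[0]
    if ((h >> 21) & 0x7FF) != 0x7FF:    # 11 sync bits must all be set
        return None
    version_id = (h >> 19) & 0x3        # 3 = MPEG-1 (1 is reserved)
    layer_id = (h >> 17) & 0x3          # 1 = Layer III (0 is reserved)
    if version_id != 3 or layer_id != 1:
        return None                     # only MPEG-1 Layer III is handled here
    has_crc = ((h >> 16) & 0x1) == 0    # protection bit 0 => 16-bit CRC follows header
    bitrate = BITRATES_MPEG1_L3[(h >> 12) & 0xF]
    sample_rate = SAMPLE_RATES_MPEG1[(h >> 10) & 0x3]
    padding = (h >> 9) & 0x1
    channel_mode = (h >> 6) & 0x3       # 0 stereo, 1 joint stereo, 2 dual, 3 mono
    if not bitrate or not sample_rate:
        return None
    # MPEG-1 Layer III frame length in bytes: 144 * bitrate / sample_rate (+1 if padded)
    length = 144 * bitrate * 1000 // sample_rate + padding
    return {"bitrate_kbps": bitrate, "sample_rate": sample_rate, "padding": padding,
            "crc": has_crc, "channel_mode": channel_mode, "frame_length": length}


def walk_frames(data):
    """Return [(offset, header dict), ...] for consecutive frames after the tag.
    Stops at the first offset that does not hold a valid header."""
    frames = []
    off = id3v2_size(data)
    while off + 4 <= len(data):
        info = parse_frame_header(data[off:off + 4])
        if info is None:
            break
        frames.append((off, info))
        off += info["frame_length"]
    return frames


def build_sample():
    """Constructed MP3: a 16-byte ID3v2.3 tag, then two 128 kbit/s, 44.1 kHz frames.
    Header FFFB9064 = sync, MPEG-1, Layer III, no CRC, bitrate index 9 (128 kbit/s),
    44100 Hz, no padding, joint stereo -> 417 bytes; FFFB9264 sets the padding bit -> 418."""
    tag = b"ID3" + bytes([3, 0, 0]) + bytes([0, 0, 0, 6]) + b"\x00" * 6
    frame1 = bytes.fromhex("FFFB9064") + b"\x00" * (417 - 4)
    frame2 = bytes.fromhex("FFFB9264") + b"\x00" * (418 - 4)
    return tag + frame1 + frame2


if __name__ == "__main__":
    for off, f in walk_frames(build_sample()):
        print(off, f)
```

The frame length comes purely from the header, which is why a player (or a carving tool) can resynchronise anywhere in the file: find 11 set bits, decode the header, skip exactly that many bytes, and the next header should be there. Where it is not, the file is truncated, corrupted, or something other than audio has been appended.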

The Magic Number

Hoho, in this post I'll explain a thing called the "Magic Number". Can you already guess what it is? Some kind of number that has a magical spell in it? Some kind of magic trick that uses numbers as its medium? Or something else?

Unfortunately, the "magic number" in this post is not literally related to magic. This magic number is related to file formats. Originally, the term was used for a specific set of 2-byte identifiers at the beginning of a file, but since any undecoded binary sequence can be regarded as a number, any feature of a file format which uniquely distinguishes it can be used for identification. Identify what? The file format, of course. This matters because the extension is only a name: a renamed file keeps its magic number, and a file that claims to be a .pdf but starts with the bytes of an executable is exactly the kind of thing a forensic examiner (or the `file` command) wants to notice.
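As an added example (not code from the original post), here is a small identifier that does what the paragraph above describes: it checks the leading bytes of a file against a table of well-known magic numbers and compares the verdict with the file extension. The signature table lists values I am certain of (PNG, JPEG, GIF, PDF, ZIP, gzip, ELF, MZ, ID3, and ISO 9660, whose magic sits at offset 0x8001 rather than at the start); the expected-extension mapping and all sample inputs are constructed for the demonstration.

```python
"""Identify a file format from its magic number, independent of the extension.

Added example, not code from the original post; the signature table holds
well-known magic numbers and every sample input below is constructed."""
import os

# (description, byte offset, signature). Most live at offset 0, but a magic
# number can sit anywhere that is fixed for the format (ISO 9660 at 0x8001).
SIGNATURES = [
    ("PNG image",                   0, b"\x89PNG\r\n\x1a\n"),
    ("JPEG image",                  0, b"\xff\xd8\xff"),
    ("GIF image",                   0, b"GIF87a"),
    ("GIF image",                   0, b"GIF89a"),
    ("PDF document",                0, b"%PDF-"),
    ("ZIP archive",                 0, b"PK\x03\x04"),
    ("gzip data",                   0, b"\x1f\x8b"),
    ("ELF executable",              0, b"\x7fELF"),
    ("DOS/Windows executable (MZ)", 0, b"MZ"),
    ("MP3 audio (ID3v2 tag)",       0, b"ID3"),
    ("ISO 9660 image",         0x8001, b"CD001"),
]

# Extensions we would expect for each verdict (constructed for this example).
EXPECTED_EXT = {
    "PNG image": {".png"}, "JPEG image": {".jpg", ".jpeg"}, "GIF image": {".gif"},
    "PDF document": {".pdf"}, "ZIP archive": {".zip", ".docx", ".xlsx", ".jar", ".apk"},
    "gzip data": {".gz", ".tgz"}, "ELF executable": {"", ".so", ".o", ".out"},
    "DOS/Windows executable (MZ)": {".exe", ".dll", ".sys"},
    "MP3 audio (ID3v2 tag)": {".mp3"}, "MPEG audio frame (MP3 without tag)": {".mp3"},
    "ISO 9660 image": {".iso"},
}


def identify(data):
    """Return the description of the first matching signature, or 'unknown'."""
    for desc, off, sig in SIGNATURES:
        if data[off:off + len(sig)] == sig:
            return desc
    # An untagged MP3 starts directly with a frame: 11 sync bits set, and the
    # version (bits 4-3 of byte 1) and layer (bits 2-1) not in a reserved state.
    if (len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0
            and (data[1] & 0x18) != 0x08 and (data[1] & 0x06) != 0x00):
        return "MPEG audio frame (MP3 without tag)"
    return "unknown"


def check_extension(name, data):
    """Compare the extension with the magic-number verdict.
    Returns (detected format, True if the extension agrees with it)."""
    detected = identify(data)
    if detected == "unknown":
        return detected, False
    ext = os.path.splitext(name)[1].lower()
    return detected, ext in EXPECTED_EXT[detected]


if __name__ == "__main__":
    # Constructed samples: a genuine PNG header and an executable renamed to .pdf.
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,
        "song.mp3": bytes.fromhex("FFFB9064") + b"\x00" * 8,
    }
    for fname, blob in samples.items():
        print(fname, check_extension(fname, blob))
```

Two caveats worth keeping in mind: a magic number proves only that the first bytes look like a format, so a crafted file can carry a valid PNG header and still be something else further in, and short signatures such as `MZ` are more likely to collide by chance than long ones, which is why tools like libmagic back them up with further checks deeper in the file.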

What is Unallocated Space?

When you're installing an operating system on a new hard disk, have you noticed that the installer says the disk status is "Unallocated"? Or when you want to divide a hard disk into two or more partitions, after the split the newly created partition is also in the "Unallocated" status. So what is this thing called unallocated?

Unallocated space, or in other words "free space", is logical space on a hard drive that the system can use to put files in. It is the opposite of "allocated" space, which is a place on the hard drive where files are already written or stored. Unallocated space is different from slack space: the system can put files in unallocated space, while it can't put any files in slack space. Simple, right?  :)
One thing to remember from a forensic point of view: "unallocated" does not mean "empty". When a file is deleted, the filesystem usually only marks its clusters as free; the bytes stay on the disk until something else is written there, so unallocated space is one of the first places a forensic examiner carves for deleted files.

Saturday, March 17, 2012

Slack Space

Again, in this post I'll try to explain something related to Computer Digital Forensics: Slack Space.

On a storage device, when a file is saved it is stored starting at the beginning of a cluster. A cluster is the smallest unit of space the filesystem hands out to a file, and it consists of several sectors. Imagine a house containing 50 cupboards that have 4 drawers each..
Get it?  :D
Let's say that this house is the hard disk, the cupboards are the clusters, and the drawers in each cupboard are the sectors. So, we can say that this hard disk has 50 clusters and 4 sectors in each cluster. A file always gets whole cupboards, even if it only fills part of the last one; the unused drawers at the end of that last cupboard are the slack space, and whatever was in them before is still there.
cmiiw..  :)
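The two ideas from this post and the Unallocated Space post above are easiest to see by simulating them. The following is an added example (my own code, not from the original posts) that models the house from the analogy, 50 clusters of 4 sectors, with 512-byte sectors assumed for the arithmetic. It writes a file, deletes it, reuses its first cluster for a smaller file, and then shows that the old content survives both in the new file's slack and in the unallocated clusters. All file contents are constructed.

```python
"""Simulate cluster allocation on a tiny disk to show what survives in
unallocated space and in slack space.

Added example, not code from the original posts. Geometry follows the blog's
analogy (50 clusters of 4 sectors); 512-byte sectors are an assumption, and
all file contents are constructed."""

SECTOR = 512
SECTORS_PER_CLUSTER = 4
CLUSTER = SECTOR * SECTORS_PER_CLUSTER   # 2048 bytes per cluster
N_CLUSTERS = 50


class TinyDisk:
    def __init__(self):
        self.media = bytearray(N_CLUSTERS * CLUSTER)   # the raw "platter"
        self.allocated = {}   # filename -> list of cluster numbers it owns
        self.sizes = {}       # filename -> logical size in bytes

    def free_clusters(self):
        """Cluster numbers owned by no file: the unallocated space."""
        used = {c for owned in self.allocated.values() for c in owned}
        return [c for c in range(N_CLUSTERS) if c not in used]

    def write(self, name, content):
        """Store a file. Whole clusters are assigned, but only the file's own
        bytes are written, so the tail of the last cluster keeps old content."""
        needed = max(1, -(-len(content) // CLUSTER))   # ceiling division
        free = self.free_clusters()
        if needed > len(free):
            raise OSError("disk full")
        chosen = free[:needed]
        for i, c in enumerate(chosen):
            chunk = content[i * CLUSTER:(i + 1) * CLUSTER]
            start = c * CLUSTER
            self.media[start:start + len(chunk)] = chunk
        self.allocated[name] = chosen
        self.sizes[name] = len(content)

    def delete(self, name):
        """Deleting only drops the allocation record; the bytes stay on the media."""
        del self.allocated[name]
        del self.sizes[name]

    def read(self, name):
        """What a normal program sees: the file's bytes up to its logical size."""
        out = bytearray()
        for c in self.allocated[name]:
            out += self.media[c * CLUSTER:(c + 1) * CLUSTER]
        return bytes(out[:self.sizes[name]])

    def slack(self, name):
        """Bytes between the logical end of the file and the end of its last cluster."""
        clusters = self.allocated[name]
        used_in_last = self.sizes[name] - (len(clusters) - 1) * CLUSTER
        last = clusters[-1]
        return bytes(self.media[last * CLUSTER + used_in_last:(last + 1) * CLUSTER])

    def unallocated(self):
        """Raw contents of every free cluster, as a carving tool would read them."""
        return b"".join(bytes(self.media[c * CLUSTER:(c + 1) * CLUSTER])
                        for c in self.free_clusters())


def demo():
    """Constructed scenario: two files written and deleted, then one small file."""
    disk = TinyDisk()
    disk.write("secret.txt", b"PASSWORD=hunter2\n" * 100)   # 1700 B -> cluster 0
    disk.write("old.log", b"login from 10.0.0.5\n" * 150)   # 3000 B -> clusters 1, 2
    disk.delete("secret.txt")
    disk.delete("old.log")
    disk.write("notes.txt", b"meeting at 10\n")             # 14 B -> reuses cluster 0
    return disk


if __name__ == "__main__":
    d = demo()
    print("file content :", d.read("notes.txt"))
    print("slack bytes  :", len(d.slack("notes.txt")), d.slack("notes.txt")[:40])
    print("free clusters:", len(d.free_clusters()))
```

Reading `notes.txt` the normal way returns only the 14 bytes the file owns; reading its slack returns the other 2034 bytes of cluster 0, which still hold the deleted password file, and reading the unallocated clusters returns the deleted log. Real filesystems behave the same way, which is why a forensic image is always taken of the whole device, not just of the files the operating system lists.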

Thursday, March 15, 2012

File System at Glance

When we want to learn about Computer Forensics, the File System can't be excluded from our learning material. So, in this post I'll explain a little about File Systems.

A file system is a method for dealing with files on a computer: how the data is organized, stored, updated and modified, as well as how the available free space on the storage media is managed. The type of filesystem is usually chosen to match the characteristics of the storage device, so the filesystem of a hard disk is usually different from that of a flash disk or a floppy disk. Another factor is the operating system. Windows filesystems (usually FAT or NTFS) are different from Linux filesystems (ext2, ext3, ext4), as well as from the Mac filesystem. Still, nowadays an operating system is able to use more than one filesystem.

Wednesday, March 14, 2012

MBR ~ Master Boot Record

Computer Forensics mostly deals with storage devices like flash disks, hard disks, CDs, DVDs, RAM, etc. There are two types of storage: volatile and non-volatile. Dealing with a volatile storage device like RAM is more difficult, because when the computer is turned off the data inside disappears and some evidence may be lost with it. Dealing with non-volatile storage like a flash disk or hard disk isn't easy either: a wrong method will make evidence found on the medium invalid. That is why the medium is imaged through a write blocker and the image's hash is recorded before any analysis starts.

On a hard disk, there is something called the MBR or Master Boot Record. The MBR contains a small piece of code which makes the hard disk able to boot the system. IBM is the one who made it well known around the world. Usually, the MBR is located in the first sector of the hard disk: 512 bytes, with the boot code first, the four 16-byte partition table entries starting at byte offset 446, and the boot signature 0x55 0xAA in the last two bytes. Some of the MBR's tasks are:
1. Hold the partition table, which contains the details of the partitions of a storage device on the system. 
2. Bootstrap an operating system. 
3. Identify individual storage media (through the 32-bit disk signature stored in the boot code area at offset 0x1B8).
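As an added example (my own code, not from the original post), the following parses the three things listed above out of a raw 512-byte sector: the disk signature, the partition table, and the boot signature. The offsets are the standard MBR layout; the sample sector is constructed with the `make_mbr` helper rather than read from a real disk. It also performs two checks a practitioner would want when looking at a suspect disk: whether any partition entries overlap (a sign of a corrupted or tampered table) and how many sectors lie between the MBR and the first partition, since that gap belongs to no partition and must be imaged as well.

```python
"""Parse the partition table out of a 512-byte Master Boot Record.

Added example, not code from the original post. Layout decoded (standard MBR):
boot code in bytes 0..445 with the 32-bit disk signature at offset 0x1B8,
four 16-byte partition entries at 446, and the boot signature 0x55 0xAA at 510.
The sample MBR is constructed here, not taken from a real disk."""
import struct

PARTITION_TYPES = {0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
                   0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0x82: "Linux swap",
                   0x83: "Linux", 0xEE: "GPT protective"}
# boot flag, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
ENTRY_FMT = "<B3sB3sII"


def is_valid_mbr(sector):
    return len(sector) == 512 and sector[510:512] == b"\x55\xaa"


def overlapping_pairs(parts):
    """Index pairs whose LBA ranges overlap: a corrupted or tampered table."""
    bad = []
    for a in parts:
        for b in parts:
            if (a["index"] < b["index"] and a["lba_start"] <= b["lba_end"]
                    and b["lba_start"] <= a["lba_end"]):
                bad.append((a["index"], b["index"]))
    return bad


def parse_mbr(sector):
    if not is_valid_mbr(sector):
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    disk_sig = struct.unpack_from("<I", sector, 0x1B8)[0]
    parts = []
    for i in range(4):
        boot, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * i)
        if ptype == 0:
            continue                      # empty slot
        parts.append({"index": i, "bootable": boot == 0x80, "type": ptype,
                      "type_name": PARTITION_TYPES.get(ptype, "unknown 0x%02x" % ptype),
                      "lba_start": lba, "sectors": count, "lba_end": lba + count - 1})
    first = min((p["lba_start"] for p in parts), default=1)
    return {"disk_signature": disk_sig, "partitions": parts,
            # sectors 1 .. first-1 belong to no partition; image them too
            "gap_sectors_before_first": max(first - 1, 0),
            "overlaps": overlapping_pairs(parts)}


def make_mbr(entries, disk_sig=0x12345678):
    """Build a sector from (bootable, type, lba_start, sectors) tuples; CHS fields zeroed."""
    sector = bytearray(512)
    struct.pack_into("<I", sector, 0x1B8, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, 446 + 16 * i,
                         0x80 if bootable else 0, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def build_sample_mbr():
    """Constructed: a bootable NTFS partition at LBA 2048 and a Linux partition after it."""
    return make_mbr([(True, 0x07, 2048, 204800), (False, 0x83, 206848, 409600)], 0xDEADBEEF)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("disk signature: 0x%08x" % info["disk_signature"])
    for p in info["partitions"]:
        print(p)
    print("gap before first partition:", info["gap_sectors_before_first"], "sectors")
```

On a real system the same sector is obtained with `dd if=/dev/sda bs=512 count=1` (against the image, not the live disk) and handed to `parse_mbr`. Note that the parser only reads the primary table; logical partitions inside an extended partition live in further boot records that chain from the extended entry's LBA.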

Monday, March 5, 2012

Advanced Web Application Hacking

Nowadays, most people, especially engineers, have a website. They usually use it to share their activities, show their work, make a portfolio, etc. But few people are concerned about the security of their website. They usually won't do anything about it before it is attacked by a hacker; they don't realize the importance of web security until someone breaks in.

In this post, I'll try to show how to gain root access through a web application. There are a lot of methods to do that; this is one of them. The web application that will be used is DVWA (Damn Vulnerable Web Application). You can download it here. The installation instructions are there too. Run it only on a machine or VM of your own, since it is deliberately vulnerable.

- Start up your Apache and MySQL.