I will be speaking in Prof. Sengupta’s class at John Jay College of Criminal Justice at the City University of New York on Oct 28, 2010.  The topic of discussion will where does Digital Forensics fit in the big picture of organizations.  The talk will introduce the students to a variety of topics including choosing a career as a digital forensics investigator, their duties as an investigator, being successful as an investigator, case studies and real-life problems faced by the computer forensic investigators.

Finally, the CSCI 599 course on Search Engines concluded. The presentation went off pretty well.
The worst part was that an effort of 5 straight days went down the drain trying to go through the Nutch code. I think the Nutch developer community needs to get a little more matured and help newbies like me else new people would not join the movement! Eventually, I had to make my own focused crawler, query interface web data crawled and query interface.
I also got my CSCi558L scores which were ok…94,99,100 so things look ok so far but now the main effort is just starting off to get the Worm fingerprinting with ITrace going. Let’s hope things turn off well.

Come end of semester and the project deadlines start impending! The situation I am in is one of great thrill and rush! For the CS558L I’m doing this project in which I have to implement an automated worm fingerprinting mechanism but not only that combining it with ITrace I want to make Worm attacks and DDoS attacks a thing of past!
The scheme in plain English is to detect automatically if your network is being attacked by looking at the traffic and if so communicate this information to whoever you are forwarding this packet to! The ICMP messages that will be forwarded will carry information about who sent this traffic and other such information (including the signature of attack traffic). The receiver with all this information could gather the source of attacks. If all the routers followed this scheme then we will be able to reconstruct the entire path of the attack so the entry point of the attack could also be sealed….(hopefully leading to a Worm and DDoS attack-free internet)!!!
Really hopeful…aren’t I??? 😉
But again this technique has the same single flaw as the other techniques in that it needs co-operation between ISPs.
I am currently coding this scheme in the Linux Kernel 2.6.11.7 and this is my first tryst with linux kernel programming…let’s see what future holds for me!

I came across the interesting Skype4Com API that could aid users to dial several numbers using skype.
To install Skype4Com simply unzip the contents of the archive and execute the following command:

c:\> regsvr32 Skype4Com.dll

Upon executing this you can use the Skype4Com API using .Net (C#, VB Script) and even Python.
One can even generate DTMF tones to dial in to 1-800-numbers and automate the process so you can directly get through the initial wait times and directly speak to the customer representative.

SSH is an excellent piece of software which can help you do a lot of things such as have encrypted shells etc. But what makes SSH incredibly flexible is having tunnels.

A typical ssh tunnel works from the client to the ssh server and it forwards a local port on the client to the server seamlessly.

client ----> ssh_conn ----> ssh_server
client --> tunneled_port --> ssh_server

ssh -L 10000:localhost:10000 username@ssh_server

This connection creates a tunneled port on client:10000 i.e., anything sent to this port appears as if it’s automatically sent to ssh_server on port 10000. The localhost here is confusing, but think of it as….”what is localhost for ssh_server?”. It would be the ssh_server itself, right?
If you do a netstat on the client, you see a listener on the port 10000/tcp.

Now comes the more interesting reverse tunnel. The reverse tunnel is different in that, you have a tunnel being initiated by the client that says to the ssh server, “Hey, I’m initiating this connection that will allow you to automatically access a port on *me* after *I* initiate the connection?” (confused!!?!)

client ---> ssh_connection ---> server  ---+
                                           |
client <-- tunneled_port  <----- server ---+

ssh -NR 10000:localhost:10000 user@ssh_server

Here the meaning of localhost is slightly different, though.  The “localhost” means what is localhost for the client (and not on the server as in the previous case)!   So what you’re saying is, “Hey SSH server, I’m initiating this connection to you but if you connect to your port 10000 you will get a tunnel to *my* port 10000.”  If you do a netstat on the server you see a listener on port 10000. Isn’t it great that you can make the server listen to a port which acts as a tunnel to you…so anyone on the server can seamlessly connect to you even though technically you were the client!

I’ve been a Batman fan since the time my father took me to watch the first Batman movie starring Michael Keaton. The latest addition to the Batman series is Christopher Nolan’s Batman Begins. The film is an excellent depiction of Batman and his rise as the caped crusader in Gotham City. The story is a prequel to the Batman movies which we have seen in the past.
The remaining cast is also well studded with some of the best actors of Hollywood like Michael Caine (Alfred) and Morgan Freeman. Katie Holmes also has done a good job of acting. But I still think that Michelle Pfeiffer is yet to be beaten in looks in the entire Batman series.
Overall, the movie is excellent with everything about Batman being explained and I think it’s a must watch for any Batman fan!

I have been trying for the last few weeks to get the Android Kernel source and then build a kernel of my own and then load it into the emulator to try to test out the modules. I spent numerous hours in trying to understand about how to go about it. So here’s a post so I can log all that I did in an effort from going from nothing to having my kernel loaded in the Android Emulator.

There are posts such as the one on eeknay32’s blog and the Stackoverflow post that really helped me in getting started. Also there is a HOWTO in the qemu documentation located at external/qemu/docs/KERNEL.TXT

I first started to follow the directions from here but this is only to get the source code of the Android SDK and other tools and to compile those. That was not initially my goal because getting the source of the tools and SDK was not my goal. Don’t bother downloading this (you could get the tools pre-compiled) unless you really want to compile the tools on your own.

The following steps will help you compile the code for the Android emulator and other tools:
sudo apt-get install git-core gnupg flex bison gperf build-essential \
zip curl zlib1g-dev libc6-dev lib32ncurses5-dev ia32-libs \
x11proto-core-dev libx11-dev lib32readline5-dev lib32z-dev \
libgl1-mesa-dev g++-multilib mingw32 tofrodos python-markdown \
libxml2-utils xsltproc
mkdir ~/bin
export PATH=~/bin:$PATH
curl https://dl-ssl.google.com/dl/googlesource/git-repo/repo > ~/bin/repo
chmod a+x ~/bin/repo
cd src
repo init -u https://android.googlesource.com/platform/manifest -b android-2.3_r1
repo sync
. build/envsetup.sh
lunch full-eng


Now going to our main goal.

Get the Android source
git clone https://android.googlesource.com/kernel/goldfish.git goldfish
cd goldfish
Put the cross compilation toolchain into your path and also put the tools (emulator, android tools etc) in your path:
export PATH=$PATH:~/bin:~/bin/src/prebuilt/linux-x86/toolchain/arm-eabi-4.4.3/bin:/root/bin/src/out/host/linux-x86/bin
make ARCH=arm goldfish_defconfig
make ARCH=arm SUBARCH=arm CROSS_COMPILE=arm-eabi- -j4
This is a good resource on different errors you could encounter. If you get a message “zImage is ready” you are good to load this image into the emulator to have a running emulator.
Before you run the android tool you need to first set an environment variable otherwise the tool will complain that ANDROID_SWT is not set.
export ANDROID_SWT=/root/bin/src/prebuilt/linux-x86_64/swt

Now you have to download some of the SDK Framework from the Google website so that you can create your own Android Virtual Device (AVD). Without downloading the SDK platform you will get no output when you issue the following command:
android list targets
After you get the right ANDROID platform you can issue the following commands:
android create avd -n my_android1.5 -t 1
emulator -kernel ~/bin/kern/kernel-common/goldfish/arch/arm/boot/zImage -show-kernel -verbose @my_android1.5
Now you should have a running emulator with your shiny new kernel.
Now if you want to compile your own kernel module and load it into the emulator at runtime then you need to use Android Debug Bridge (ADB) tool. See this post, where the author creates a kernel module. For me I had to modify the Makefile a little as shown below:
VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 29
EXTRAVERSION = -00054-g5f01537
obj-m += hello.o
KDIR=/root/bin/kern/kernel-common/goldfish
PWD := $(shell pwd)
all:
make -C $(KDIR) ARCH=arm CROSS_COMPILE=/root/bin/src1/prebuilt/linux-x86/toolchain/arm-eabi-4.4.0/bin/arm-eabi- SUBDIRS=$(PWD) modules

clean:
make -C $(KDIR) ARCH=arm CROSS_COMPILE=/root/bin/src1/prebuilt/linux-x86/toolchain/arm-eabi-4.4.0/bin/arm-eabi- SUBDIRS=$(PWD) clean

Issue the make command from the directory where you have your makefile and the sources to get hello.ko.
See the partition not mounted as read only by searching for “rw” mount mode by issuing the following command:
/root/bin/src/out/host/linux-x86/bin/adb shell mount
/root/bin/src/out/host/linux-x86/bin/adb push hello.ko /data
/root/bin/src/out/host/linux-x86/bin/adb insmod /data/hello.ko