Computer forensics and Cryptography week 1
Computer Forensics and Cryptography- lecture 1
Due to most of the lecture being introductory, I only note the 4 ACPO principles below (which can also be found in my weekly summary).
1) No action should change data held on a computer or storage media
2) Must be competent and be able to explain relevance and implications of their actions
3) Audit trail should be created and preserved
4) Person in charge has overall responsibility for ensuring law and principles are adhered to
Lab notes below
Wednesday 27th September
Practical work 1: Linux based skills
1.1 Unix
Noted that it has been around for a while, created by Bell Labs researchers
Was abandoned
Ken Thompson 1969 made it
Linux
Project by Linus Torvalds
1.2 Users and super users
Important to note there is a difference
Admin user powerful
Account only on PC you are working on!!
Also to note: if partitions become corrupt can be resolved by base install, usually reinstalling the disk image
Practical
Command line
Found through using terminal
Important to note
man = help
man man = gives you the manual's manual
Note: commands will be in red
What does Man do?
Works by listing all the information in the manual file
Space bar to display next screen
q quits the manual at current point displayed
-k is short for keywords, lists a one word synopsis
-f short for files and when issued, manual looks for manual sections relating to those files
So -k security command comes up with following

-f comes up with this
Less is more
Man less is how man pipes out its output
Commands that are helpful
q- quit
Space bar- next page
Return bar- go forward one line
N return bar- go forward N lines
Nf- go forward n lines
b- go back one screenful
Nb- go back n lines
/pattern- search forward for the specified pattern
n- repeat prev search
. – repeat prev command
Tested and all worked correctly
Manual organisation
Manual can be located with man man- will show all the sections
Can search specific with man section item
man kill- gave info
man 7 signal- gave info, told me what signals Linux supports
Using command line linux
Important to take into account that parts have to be typed EXACTLY as they appear
whatis- alternative to man -f
apropos- man -k whatever OR could use single word command apropos
User id and password
Linux will always ask
last – shows when you last logged in
passwd
cat – displays contents of a file
Cracking
Can actually convert passwords from hashes
Controlling machine
Ctrl + …
C- stops program running
D- end of file character
S- pauses a scrolling list
Q- start scrolling again
W- erase the last word typed
X- or U – erase the entire line
No ctrl, just backspace
Files
Text
Files that contain ASCII characters
Binary
Exceeds 128 codes used by ASCII
Noted: binary usually uses all 8 bits per character, text files don’t
The root directory
Superuser’s directory
Contains kernel (OS)
/bin- basic programs that make up unix
/etc – system admin files
/lib- library of programs
/sys- system source files
/tmp- temporary storage
/dev- special files
/usr- many sub directories with common usages
/usr/bin used to store exes
/usr/dict stores dictionaries
George
Amongst others under /usr/ such as games, include, lib, local, man, spool, src, tmp
Usr/usb- contains /bin and usr/bin
Users also each have a home directory which contains personal files
Directory manipulation
mkdir- create directories
cd- change the working directory
pwd- print the working directory
rmdir- removes directory – NOTE that won’t remove unless empty, can counter with -r
mv- move directories
ls- lists contents of a directory
-r- displays the directories listings for all directories in a sub tree
-s- storage space
du- disk usage
File manipulations
* matches any sequence of zero or more characters
? match a single character
Special files- have a period (not literal) in the first character of the name, hidden from normal directory listings – found with ls -a
touch- can create a file
Filenames- CASE SENSITIVE
cp- copies a file
mv- moves a file
note for both
-i switch to give an interactive session
-p switch to preserve permissions
-r switch provides recursion
Delete files with command rm
But beware, impossible to restore if this is followed by -r!
File permissions
Read
Write
Execute
Can pick who can see, write or execute certain programs
chmod
chmod mode file used to manipulate permissions
Links
Data structure called inode exists for each file, containing lots of metadata
User id, size, type etc
Possible to have many filenames linked to the same set of data
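Added example (not part of the original lab notes): a shell sketch of the chmod and Links notes above, showing that two hard-linked names share one inode, so a chmod through one name changes the other and removing one name leaves the data reachable. The file names are constructed for the demo, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: hard links, inodes and permissions.
# Assumes GNU coreutils (stat -c); all file names are constructed.

# Print "inode link-count octal-mode" for a path.
inode_info() {
    stat -c '%i %h %a' "$1"
}

# Create a file and a second name for it in a scratch directory, then
# report what happens to the inode as modes and names change.
hardlink_demo() {
    dir=$(mktemp -d) || return 1
    printf 'evidence notes\n' > "$dir/original.txt"
    chmod 644 "$dir/original.txt"

    # Hard link: a new directory entry pointing at the same inode.
    ln "$dir/original.txt" "$dir/second_name.txt"

    set -- $(inode_info "$dir/original.txt");    ino_a=$1; links=$2
    set -- $(inode_info "$dir/second_name.txt"); ino_b=$1

    # Permissions are stored in the inode, not in the name,
    # so chmod through one name is visible through the other.
    chmod 400 "$dir/second_name.txt"
    set -- $(inode_info "$dir/original.txt"); mode_after=$3

    # rm removes a name; the data survives while the link count is > 0.
    rm "$dir/original.txt"
    set -- $(inode_info "$dir/second_name.txt"); links_after=$2
    content=$(cat "$dir/second_name.txt")

    [ "$ino_a" = "$ino_b" ] && same=yes || same=no
    rm -rf "$dir"
    echo "same_inode=$same links=$links mode_after=$mode_after links_after=$links_after content=$content"
}

hardlink_demo
```

For forensic work the point is that a filename is only a pointer: owner, size, type and permissions come from the inode, and deleting one name does not by itself remove the data.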
Practical work
1) Man man showed
2) Space bar took me to end
3) Typing H showed commands
4) Man less showed manual entry
5) Man 1 man- found none?
6) below
7) couldn’t see but tried going to end of man, was a see also link
8) 3 found from /security in man passwd
9) Man man
10) Understand ls shows all shown but ls shows ALL in that it shows hidden
11) Who shows me as user
12) Didn’t come up different
13) Finger installed showed what time on since but in PDT
14) Showed same but diff user
15) Changed pass
16) Head -5 .profile showed first five lines
17) Last four lines
18) 8
19) Created username with password
20) Used cat for account superman
21)

