
Monday, March 26, 2012

Computer Forensics (Practical)

In this article, I will try to do some file recovery.
OK, I have one file to practice forensics on.

Next, I try to clone that file by using the command dd if=practical.floppy.dd of=/dev/fd0


I try to clone practical.floppy.dd to the /dev directory, and the output filename is tesforensic. If successful, let's see the output file in the /dev directory.

Well, it succeeded. Next I make a directory penyidik inside the root directory and a directory analisa inside the /mnt directory.


Next, I try to determine the structure of the sda disk.

From the picture above, I can see the information about the sda disk.
Next I redirect the information above to a file. I put that file in the penyidik directory and give it the name fdisk.disk1.

Sunday, March 18, 2012

Slack Space

Slack space is the part of a hard drive that is not fully used by the currently allocated file and which may contain data from a previously deleted file. In simple words, slack space is the wasted space on a hard drive.



From the picture above, saving a 768 byte file (named User_File.txt) requires only sector 1 and 1/2 of sector 2 in the cluster.  Depending on the operating system, the remaining 256 bytes in sector 2 might be filled with 1′s or 0′s or might simply remain intact.  Both sectors 3 and 4 would not be overwritten and are thus considered slack space.
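The 768-byte case above, worked through as an added example (not part of the original post). It models one 4-sector cluster that previously held a deleted file and shows which bytes an examiner can still read back; the zero padding of the partly used sector and all function names are assumptions of this example.

```python
SECTOR = 512               # bytes per sector, as in the example above
SECTORS_PER_CLUSTER = 4    # the example cluster spans sectors 1 to 4
CLUSTER = SECTOR * SECTORS_PER_CLUSTER


def slack_layout(file_size):
    """Split the file's last cluster into (data, sector_tail, untouched) byte ranges."""
    used = file_size % CLUSTER or (CLUSTER if file_size else 0)
    sector_end = -(-used // SECTOR) * SECTOR  # round up to a sector boundary
    return (0, used), (used, sector_end), (sector_end, CLUSTER)


def write_file(cluster, data, pad=b"\x00"):
    """Model a write into a previously used cluster.

    Assumption: the OS pads the partly used sector with zeros; the sectors
    after it are never touched, so they keep whatever was there before.
    """
    if len(data) > CLUSTER:
        raise ValueError("this model handles a single cluster only")
    _, (tail_start, tail_end), _ = slack_layout(len(data))
    out = bytearray(cluster)
    out[:len(data)] = data
    out[tail_start:tail_end] = pad * (tail_end - tail_start)
    return bytes(out)


def recover_slack(cluster, file_size):
    """Return the bytes of the sectors the new file never overwrote."""
    _, _, (start, end) = slack_layout(file_size)
    return cluster[start:end]


# Constructed sample: the cluster once held a 2048-byte file, later deleted.
old = (b"OLD-SECRET-RECORD;" * 200)[:CLUSTER]
new_cluster = write_file(old, b"U" * 768)   # User_File.txt, 768 bytes
residue = recover_slack(new_cluster, 768)   # contents of sectors 3 and 4

if __name__ == "__main__":
    print(slack_layout(768))
    print(len(residue), residue[:40])
```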

HTML File Structure

The structure of an HTML file consists of the doctype tag, the html tag, the head tag, and the body tag. An HTML file usually starts with <html> and ends with </html>. The description, keywords and title tags are inserted between <head> and </head>. The rest of the HTML is inserted between <body> and </body>.

The basic structure of the HTML tags looks like this:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
      <head>
            <title>Structure of HTML</title>
            <meta name="description" content="Basic Tutorial  tag HTML">
            <meta name="keywords" content="code html, tag html, sintax html">
      </head>
      <body>
            ... tag html (html codes)
            ...
     </body>
</html>

1. Doctype
 The Doctype tag declares the version of HTML used in the script that we have written. It is located at the top of the file.
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

2. HTML
This tag is used to open and close the HTML document.
 <html> ......... </html> 

3. Head
This tag is used to write the description of the HTML document. The contents of this tag will not be visible on the page.
<head>..........</head>  

The tags located inside the head tag are:
  • Title: this tag is used to write the page title. The title is shown by your browser when you open the web page, not in the web page itself.
<title>Pariwisata di Lombok </title> 
  • Meta tag for description: its function is to give a description of your web page.
<meta name="description" content="Basic tutorial of HTML">
  • Meta tag for keywords: its function is to hold the keywords for the HTML page. These are the keywords a visitor usually types into a search engine to find the web page.
<meta name="keywords" content="html code, tag html, sintax html">

4. Body
  This tag is used to write the tags that make up the content of the blog.
<body>
    ... tag html (html codes)
    ...
    ...
</body>

Unallocated Space

Unallocated space is logical space on a hard drive that the operating system can write to. In other words, it is the opposite of “allocated” space, which is where the operating system has already written files.

If the operating system writes a file to a certain space on the hard drive, that part of the drive is now “allocated”: the file is using the space, and no other files can be written to that section. If that file is deleted, that part of the hard drive no longer needs to be “allocated” and becomes unallocated. This means that new files can now be written to that location.

Magic Number

A magic number is a constant numerical or text value used to identify a file format or protocol. Detecting constants in files is a simple way of distinguishing between file formats. Basically, every file has a header and a footer so that it can be recognized correctly. For example, a PDF file starts with “%PDF” and ends with “%EOF”, while a JPEG image file begins with “0xFFD8” and ends with “0xFFD9”. These constants are called magic numbers.
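The header and footer constants above are what file identification and carving tools search for. The following added example (not part of the original post) identifies a buffer by its header and carves header-to-footer spans out of a raw image; the function names and the sample image are constructed for this example.

```python
# Header/footer pairs from the text. The PDF trailer marker in the file
# format is "%%EOF", which contains the "%EOF" quoted above.
SIGNATURES = {
    "jpeg": (b"\xff\xd8", b"\xff\xd9"),
    "pdf": (b"%PDF", b"%%EOF"),
}


def identify(data):
    """Name the format whose header starts `data`, ignoring any file extension."""
    for name, (header, _footer) in SIGNATURES.items():
        if data.startswith(header):
            return name
    return None


def carve(image):
    """Return (name, start, end) for every header..footer span in a raw image."""
    found = []
    for name, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header))
            if end == -1:
                break  # header without footer: truncated or overwritten file
            end += len(footer)
            found.append((name, pos, end))
            pos = image.find(header, end)
    return sorted(found, key=lambda item: item[1])


# Constructed sample image: zero-filled space with two files embedded in it.
jpeg = b"\xff\xd8\xff\xe0" + b"J" * 20 + b"\xff\xd9"
pdf = b"%PDF-1.4\n" + b"P" * 30 + b"\n%%EOF"
image = b"\x00" * 100 + jpeg + b"\x00" * 50 + pdf + b"\x00" * 64

if __name__ == "__main__":
    for name, start, end in carve(image):
        print(f"{name}: bytes {start}..{end} ({end - start} bytes)")
```

A two-byte JPEG header matches by chance in large images, and real files can contain nested or repeated footers, so carved spans should be validated by opening them in a viewer or parser.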

Thursday, March 15, 2012

File System Structure


1. FAT16: This is the 16-bit version of the FAT file system. The 16-bit part describes the way units are allocated on the drive. The FAT16 file system uses a 16-bit number to identify each allocation unit (called a cluster), and this gives it a total of 65,536 clusters.

Basic Structure

The FAT16 file system structure contains the following regions:
  • Reserved Region (incl. Boot Sector)
  • File Allocation Table (FAT)
  • Root Directory
  • Data Region 
The first sector (the boot sector) contains information which is used to calculate the sizes and locations of the other regions. The boot sector also contains code to boot the operating system installed on the volume. The data region is split up into logical blocks called clusters. Each of these clusters has an accompanying entry in the FAT region. The entry for a cluster can contain either the number of the next cluster which holds data from the file, or a so-called End-of-file value, which means that there are no more clusters which contain data from the file. The root directory and its sub-directories contain the filename, dates, attribute flags and starting cluster information for the filesystem objects.
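How the boot sector yields the locations of the other regions, as an added example (not part of the original post). The field offsets are the standard FAT BIOS Parameter Block layout, which the post does not spell out; the function names and the sample boot sector are constructed for this example.

```python
import struct


def fat16_layout(boot):
    """Compute where each FAT16 region starts, in sectors, from the boot sector."""
    if len(boot) < 512 or boot[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot sector signature")
    # Offsets 11..23: bytes/sector, sectors/cluster, reserved sectors, FAT copies,
    # root directory entries, total sectors (16-bit), media byte, sectors per FAT.
    (bps, spc, reserved, nfats, root_entries,
     total16, _media, spf) = struct.unpack_from("<HBHBHHBH", boot, 11)
    if bps == 0 or spc == 0:
        raise ValueError("corrupt boot sector: zero sector or cluster size")
    # The 32-bit total at offset 32 is used when the 16-bit field is zero.
    total = total16 or struct.unpack_from("<I", boot, 32)[0]
    root_start = reserved + nfats * spf
    root_sectors = (root_entries * 32 + bps - 1) // bps  # 32-byte directory entries
    data_start = root_start + root_sectors
    clusters = (total - data_start) // spc
    return {
        "bytes_per_sector": bps, "sectors_per_cluster": spc,
        "fat_start": reserved, "root_start": root_start,
        "data_start": data_start, "clusters": clusters,
        # Cluster-count range for FAT16 per the Microsoft FAT specification.
        "is_fat16": 4085 <= clusters < 65525,
    }


def cluster_offset(layout, n):
    """Byte offset of data cluster n in the volume (numbering starts at 2)."""
    if n < 2:
        raise ValueError("data clusters are numbered from 2")
    sector = layout["data_start"] + (n - 2) * layout["sectors_per_cluster"]
    return sector * layout["bytes_per_sector"]


def sample_boot_sector():
    """Constructed boot sector: 512-byte sectors, 4 per cluster, 2 FATs of 40 sectors."""
    boot = bytearray(512)
    struct.pack_into("<HBHBHHBH", boot, 11, 512, 4, 1, 2, 512, 40000, 0xF8, 40)
    boot[510:512] = b"\x55\xaa"
    return bytes(boot)


if __name__ == "__main__":
    print(fat16_layout(sample_boot_sector()))
```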

MBR (Master Boot Record)

In this article, I will explain the definition of the Master Boot Record (MBR). The Master Boot Record is a type of boot sector popularized by the IBM Personal Computer. It consists of a sequence of 512 bytes located at the first sector of a data storage device such as a hard disk. MBRs are usually placed on storage devices intended for use with IBM PC-compatible systems.


The MBR may be used for one or more of the following:
  • Holding a partition table, which describes the partitions of a storage device. In this context the boot sector may also be called a partition sector.
  • Bootstrapping an operating system. The BIOS built into a PC-compatible computer loads the MBR from the storage device and passes execution to machine code instructions at the beginning of the MBR.
  • Uniquely identifying individual disk media, with a 32-bit disk signature, even though it may never be used by the operating system. 
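The three uses listed above map onto fixed areas of the 512-byte sector. This added example (not part of the original post) parses them from a raw first sector, as read from a disk image; the offsets used (disk signature at 440, partition table at 446, 0x55AA at 510) are the standard MBR layout, and the function names and sample sector are constructed here.

```python
import struct

# Small subset of partition type bytes, for readable output only.
TYPES = {0x06: "FAT16", 0x83: "Linux"}


def parse_mbr(sector):
    """Parse boot code, disk signature and partition table from an MBR sector."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: missing 0x55AA signature")
    disk_signature = struct.unpack_from("<I", sector, 440)[0]
    partitions = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        status, _chs_first, ptype, _chs_last, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, 446 + 16 * i)
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "name": TYPES.get(ptype, "unknown"),
            "start_lba": lba,
            "sectors": count,
            "end_lba": lba + count - 1,
        })
    return {
        "boot_code": sector[:440],          # machine code the BIOS executes
        "disk_signature": disk_signature,   # 32-bit disk identifier
        "partitions": partitions,
    }


def sample_mbr():
    """Constructed MBR: a bootable FAT16 partition followed by a Linux one."""
    mbr = bytearray(512)
    struct.pack_into("<I", mbr, 440, 0x1234ABCD)
    struct.pack_into("<B3sB3sII", mbr, 446, 0x80, b"\0" * 3, 0x06, b"\0" * 3, 63, 204800)
    struct.pack_into("<B3sB3sII", mbr, 462, 0x00, b"\0" * 3, 0x83, b"\0" * 3, 204863, 100000)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    info = parse_mbr(sample_mbr())
    print(hex(info["disk_signature"]))
    for part in info["partitions"]:
        print(part)
```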

Tuesday, March 6, 2012

Exploit Linux Shell DVWA Medium Security

In this article, I'll try to exploit the Linux shell from the DVWA web application at the medium security level. The operating systems that I use are Backtrack and Ubuntu in my VirtualBox.

First, activate the apache, mysql, and ssh services in Backtrack. Then open DVWA from the Ubuntu Linux machine in VirtualBox, and fill the username field with admin and the password field with password.


Next, change the DVWA security to the medium level.