• Tutorial: How to use dcfldd instead of dd

    Today I want to introduce to everyone an excellent command that works very much like dd but it’s just much better…

    dcfldd is an enhanced version of dd developed by the U.S. Department of Defense Computer Forensics Lab.

     Department of Defense Cyber Crime Center

    Features include:

    • Hashing on-the-fly: dcfldd can hash the input data as it is being transferred, helping to ensure data integrity. It supports multiple hashes at once.
    • Progress bar showing how much data has already been sent.
    • Flexible disk wipes: dcfldd can be used to wipe disks quickly and with a known pattern if desired.
    • Verification that the image is identical to the original drive, bit-for-bit.
    • Split output: dcfldd can split output to multiple files with more configurability than the split command.
    • Piped output and logs: dcfldd can send all its log data and output to commands as well as files natively.
    • Verify capability

    How to install in Ubuntu:

    sudo apt-get install dcfldd

    Here you can see a small summary of the most common commands:

    if = Input File (device or file you want to read)
    of = Output File (device or file you want to copy the data to)
    hash = md5, sha1, sha256, sha384 or sha512 (hash type)
    hashwindow = size (in bytes) of the window of data after which a hash is calculated
    <hash>log = file that will contain the hash calculations log for each hash type (eg: sha1log=sha1.log)
    hashconv = valid values: AFTER or BEFORE. Selects whether the hash is performed after or before the conversion
    bs = Block Size (amount of bytes to read at once)
    noerror (ignore read errors and continue) and sync (performs padding) are the 2 most common conv options
    split = breaks image file into multiple files
    splitformat = the file extension format for split operation
    conv = convert the file as per the comma separated keyword list (see following list):
    ascii=from EBCDIC to ASCII
    ebcdic=from ASCII to EBCDIC
    ibm=from ASCII to alternate EBCDIC
    block=pad newline-terminated records with spaces to cbs-size
    unblock=replace trailing spaces in cbs-size records with newline
    lcase=change upper case to lower case
    notrunc=do not truncate the output file
    ucase=change lower case to upper case
    swab=swap every pair of input bytes
    noerror=continue after read errors
    sync=pad every input block with NULs to ibs-size; when used with block or unblock, pad with spaces rather than NULs

    Example

    dcfldd if=/dev/source hash=md5,sha512 hashwindow=1G md5log=md5.txt sha512log=sha512.txt \
    hashconv=after bs=512 conv=noerror,sync split=1G splitformat=aa of=image.dd

    This command will read one GB from the source drive and write that to a file called image.dd.aa. It will also calculate the MD5 hash and the SHA512 hash of each gigabyte read.

    It will then read the next GB and name that image.dd.ab. The md5 hashes will be stored in a file called md5.txt and the sha512 hashes will be stored in a file called sha512.txt. The block size for transferring has been set to 512 bytes, and in the event of read errors, dcfldd will write zeros.
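
The per-window hashes written to md5.txt can be re-checked later against the split segments. The script below is an added example, not part of the original post or of dcfldd. It assumes log lines of the form `<start> - <end>: <md5hex>`; the function names verify_windows and make_sample are hypothetical, and the sample segments and log are constructed with small sizes standing in for 1G.

```bash
#!/bin/bash
# Added example (not from the original post): re-check a split image against a
# per-window MD5 log. Assumption: log lines look like "<start> - <end>: <md5hex>";
# any other line, such as a "Total (md5): ..." summary, is skipped.

# verify_windows LOG PREFIX -> prints how many windows no longer match the log.
verify_windows() {
    local log="$1" prefix="$2" bad=0 line start rest end want got
    while IFS= read -r line; do
        case $line in
            [0-9]*" - "[0-9]*": "*) ;;
            *) continue ;;
        esac
        start=${line%% - *}   # first byte offset of the window
        rest=${line#* - }
        end=${rest%%:*}       # offset just past the window
        want=${rest#*: }      # hash recorded at acquisition time
        # Segments sort as aa, ab, ...; carve bytes [start, end) from the stream.
        got=$(cat "$prefix".?? | tail -c +"$((start + 1))" |
              head -c "$((end - start))" | md5sum | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "MISMATCH in window $start - $end" >&2
            bad=$((bad + 1))
        fi
    done < "$log"
    echo "$bad"
}

# make_sample DIR: constructed data, two 4096-byte segments and a log with
# 2048-byte windows (small sizes; windows need not align with segments).
make_sample() {
    local dir="$1" off
    yes "constructed segment aa" | head -c 4096 > "$dir/image.dd.aa"
    yes "constructed segment ab" | head -c 4096 > "$dir/image.dd.ab"
    for off in 0 2048 4096 6144; do
        printf '%s - %s: %s\n' "$off" "$((off + 2048))" \
            "$(cat "$dir"/image.dd.?? | tail -c +"$((off + 1))" |
               head -c 2048 | md5sum | cut -d' ' -f1)"
    done > "$dir/md5.txt"
    echo "Total (md5): constructed-placeholder" >> "$dir/md5.txt"
}
```

Called as `verify_windows md5.txt image.dd` from the directory holding the segments, it prints 0 when every window still matches and names each changed window on stderr otherwise.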

  • Tutorial: recover lost saved session in Firefox

    Have you noticed that sometimes the saved sessions in Firefox are lost after a crash, leaving you with a clean, default homepage when launching it?

    If this happens to you, you’re not alone! There is quite a simple way to recover it.

    The saved sessions are stored in a file called sessionstore.js under your ~/.mozilla/firefox/yourprofilename.default-backup-crashrecovery-date

    Your profile name has a series of letters and it finishes in “.default”. For example: mcwubzdq.default

    Now if you list the contents of ~/.mozilla/firefox you will see several of these directories, each ending with a date and time (for example: mcwubzdq.default-backup-crashrecovery-20140217_075716). The trick here is to take an old sessionstore.js file and use it to overwrite the empty one in your profile.

    So first of all close Firefox and go to your profile directory and rename sessionstore.js:

    cd ~/.mozilla/firefox/profilename.default

    mv sessionstore.js sessionstore.js.old

    and now let’s assume that you want to use the session from the 17th of February 2014:

    cp ~/.mozilla/firefox/profilename.default-backup-crashrecovery-20140217_075716/sessionstore.js .

    That’s it! Now you can launch Firefox and enjoy your saved session tabs!

  • Migrate between Ubuntu distros or change desktop environment?

    One of the most visible changes (but not the only one!) between different Ubuntu distros is the Desktop Environment.

    Looking at the official information page about Ubuntu derivatives we can see many distributions like Lubuntu, Kubuntu, Xubuntu and so on, all officially maintained by Canonical.

    The beauty of any Linux distro is that you can customize it as you want. Ubuntu is shipped with the Unity desktop environment; however, if you want to test (or remove) another environment, it’s quite easy:

    Install Ubuntu Unity:
    sudo apt-get install ubuntu-desktop

    Remove Ubuntu Unity:
    sudo apt-get purge ubuntu-desktop

    Install LUbuntu LXDE:
    sudo apt-get install lubuntu-desktop

    Remove LUbuntu LXDE:
    sudo apt-get purge lubuntu-desktop

    Install Ubuntu GNOME:
    sudo apt-get install ubuntu-gnome-desktop

    Remove Ubuntu GNOME:
    sudo apt-get purge ubuntu-gnome-desktop

    Install KUbuntu KDE:
    sudo apt-get install kubuntu-desktop

    Remove KUbuntu KDE:
    sudo apt-get purge kubuntu-desktop

    Install XUbuntu XFCE:
    sudo apt-get install xubuntu-desktop

    Remove XUbuntu XFCE:
    sudo apt-get purge xubuntu-desktop

    Remember that when you install a desktop environment you normally install extra software like games, accessories, etc. This extra software is not uninstalled when you uninstall the main environment, so once you have removed one using the “purge” option, you can clean up all the extra software by running:

    sudo apt-get autoremove --purge

    Another option is to skip the installation of extra software by slightly tweaking the command. For example, to install the KUbuntu KDE environment just add --no-install-recommends as shown below:

    sudo apt-get install --no-install-recommends kubuntu-desktop

    Finally, I have noticed that even if you completely remove the desktop environment associated with your distribution (for example you remove Unity from Ubuntu), leaving another one installed, as soon as a new version of the distribution is available, the original desktop environment is installed and set as default again. Therefore I’ve learned that the best way to migrate your Ubuntu distribution to another distribution is to download and burn the ISO of the next version (or even the same version!) and launch the installer.

    LUbuntu installation screen

    As you can see from the screenshot, by using this method you can migrate your distribution to another, without worrying about losing your settings or reverting back to the original one.