A General Strategy for Differential Forensic Analysis


By Simson Garfinkel, Alex Nelson and Joel Young

From the proceedings of The Digital Forensic Research Conference, DFRWS 2012 USA, Washington, DC (Aug 6th - 8th).

DFRWS is dedicated to the sharing of knowledge and ideas about digital forensics research. Ever since it organized the first open workshop devoted to digital forensics in 2001, DFRWS continues to bring academics and practitioners together in an informal environment. As a non-profit, volunteer organization, DFRWS sponsors technical working groups, annual conferences and challenges to help drive the direction of research and development. http://dfrws.org

Digital Investigation 9 (2012) S50–S59. Journal homepage: www.elsevier.com/locate/diin

Simson Garfinkel a,*, Alex J. Nelson b, Joel Young a

a Computer Science, Naval Postgraduate School, 900 N Glebe St., Arlington, VA 2203, USA
b Computer Science, University of California, Santa Cruz, 1156 High St, Santa Cruz, CA 95064, USA

Abstract

The dramatic growth of storage capacity and network bandwidth is making it increasingly difficult for forensic examiners to report what is present on a piece of subject media. Instead, analysts are focusing on what characteristics of the media have changed between two snapshots in time. To date different algorithms have been implemented for performing differential analysis of computer media, memory, digital documents, network traces, and other kinds of digital evidence. This paper presents an abstract differencing strategy and applies it to all of these problem domains. Use of an abstract strategy allows the lessons gleaned in one problem domain to be directly applied to others.

Keywords: Forensics; Differencing; Forensic strategies; Feature extraction; Temporal analysis
Published by Elsevier Ltd.

* Corresponding author. Tel.: +1 617 876 6111. E-mail address: [email protected] (S. Garfinkel).
1742-2876/$ – see front matter. Published by Elsevier Ltd. doi:10.1016/j.diin.2012.05.003

1. Introduction

This paper describes differential forensic analysis, a practice that is increasingly used by digital forensic examiners but has not been formalized until now.

Differential forensic analysis compares two different digital forensic images (or, more generally, any pair of digital artifacts) and reports the differences between them. Focusing on the changes allows the examiner to reduce the amount of information that needs to be examined (by eliminating that which does not change), while simultaneously focusing on the changes that are thought to be the result of a subject's activities (for presumably, it was the activity of the subject that somehow transformed the first digital image into the second).

Differential analysis is widely practiced today. Reverse engineers attempt to infer the behavior of malware by comparing the contents of a hard drive before the malware is introduced with the hard drive captured after the malware infection. Sex offenders on many controlled release programs must submit their computers for regular analysis, so that an examiner can determine if the offender has visited a banned website. Network engineers compare month-to-month traffic summaries in an attempt to learn how demands on their networks evolve, as well as to identify the presence of malware.

No matter what specific modality is being examined, all of these use cases involve the collection of at least two digital objects – a baseline and a final image. Differential analysis reports the differences between the two – that is, what has changed. But despite the similarity of purpose, to date each differential analysis use case has been developed in isolation, with different procedures, tools and reporting standards.

We show that these scenarios can all be implemented using the same strategy. Furthermore, the strategy can cover scenarios apparently unrelated to computer forensics, such as reporting on the changes within a document or even file synchronization. The key to this strategy is the extraction of features from the digital artifacts in which each feature has a separately describable name, location, content, and possibly other metadata.

1.1. Contributions

This paper presents a principled study of differential analysis and then applies that work to multiple contexts, including the analysis of files on a computer's disk drive, the pattern of data sent across a network, and even reports from other forensic tools. We show that a small set of well-chosen abstractions allows the same differential analysis strategy to be applied to all of these cases.

It is important to note that the tools we have written were created before we formalized our general strategy, not after. Although it would be quite elegant to have a single implementation of differential analysis and then to specialize that implementation for each modality, what actually happened is that we unwittingly wrote multiple implementations of the same abstract strategy each time we wrote another differential analysis program. Only after writing several different differential analysis tools were we able to appreciate the commonalities between the implementations and to realize that the strategy could be made general by an appropriate choice of abstraction.

2. Definitions, terminology and notation

In this section we introduce a consistent terminology for discussing differential analysis. We apply this terminology to prior work as well as to our own contributions.

Differential analysis. An analytical process that compares two objects (images) A and B and reports the differences between them. Although at first it might seem most sensible to report the differences as (B − A), experience has shown that it is frequently more useful to report the differences as the series of operations R necessary to transform A into B:

$$A \xrightarrow{R} B \tag{1}$$

Typically A and B represent snapshots in time – A might be an image of a hard drive recorded before a computer is deployed, and B might be an image of the same drive after it has been compromised by an attacker. However both A and B might be two different systems that are based on a common object a:

(2)

Typically the operations R that are reported are a function of both the data formats and the needs of the examiner. If A and B are disk images and the examiner is evaluating the installation footprint of a new application, then R might be a list of files and registry entries that are created or changed. But if the examiner is looking for evidence of a malware infection, R might be a list of opcodes that are changed in existing executables.

Image. A byte stream from any data-carrying device representing the object under analysis. Practitioners will be familiar with disk images, memory images and cell phone images. Images may be physical, which can be thought of as a collection of sectors, or logical, which can be thought of as […] are collections of bytes of variable length that are identified by strings (typically a path name consisting of one or more directory names and a final file name).

We use the term image to refer to any kind of digital artifact. In this article we occasionally use the word object as a synonym for image when warranted by context.

Baseline image (A). The image first acquired at time $T_A$.

Final image (B). The last acquired image, taken at time $T_B$.

Intermediary images ($I_n$). Zero or more images recorded between the baseline and final images. Image $I_n$ is the nth image acquired.

Common baseline. A single image that is a common ancestor to multiple final images. For example, a in Equation (2) is a common baseline for A and B.

Image delta (B − A). The differences between two images, typically between the baseline image and the final image.

Differencing strategy. A strategy for reporting the differences between two or more images.

Differencing strategies and algorithms that implement those strategies have long been applied to programs, text, and word processing files (Horwitz, 1990), and are widely available in tools such as Unix diff and Microsoft Word. Traditionally there has been little distinction between the tool that implements the algorithm and the algorithm itself, and both have been developed for specific differencing tasks.

This paper presents a general strategy for differential analysis. By general we mean that the strategy can be equally applied to other articles of forensic interest, such as memory images and network packet dumps. For example, if A and B are collections of packets sent over a network on two successive days, the examiner might be interested in an R that describes changes to metadata describing network flows – for example, that a web server that was previously listening on one IP address and port was moved to another location, or that a protocol that was previously protected with SSL is no longer using encryption. On the other hand, a differential analysis of a Microsoft Word document at two points in time might report that some paragraphs have been changed while others have been moved – an analysis performed by Word's "Compare Documents" feature, or the Unix command-line diff utility on text files.

Feature (f). A piece of data or information that is either explicitly extracted from the image or otherwise dependent upon data within the image. For example, an email address from an address book, a URL from a browser cache, the hash value of a sector, and a histogram of port frequency use within a set of packets are all examples of features.

Feature in image ((A, f)). Features typically are found in images. In this case, feature f is found in image A.

Feature name (NAME (A, f)). Every feature may have zero, one or multiple names. For example, if a feature is the contents of a file, the feature name might be the file name.
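The definitions above can be exercised on a small logical image. The following Python sketch is an added example, not code from the paper or its authors: it treats each file as a feature whose name is its path and whose content is a SHA-256 hash, computes a list R that transforms baseline A into final image B as in Equation (1), and replays R to confirm the result. The operation names (CREATE, DELETE, MODIFY, RENAME), the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib

def extract_features(files):
    """Feature map for a logical image: feature name (path) -> content hash."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}

def diff_images(a, b):
    """Return R, an ordered list of operations that transforms map a into map b."""
    ops = []
    gone = sorted(n for n in a if n not in b)   # names only in the baseline
    new = sorted(n for n in b if n not in a)    # names only in the final image
    # Index vanished names by content so identical content under a new name
    # is reported as one RENAME instead of a DELETE plus a CREATE.
    vanished = {}
    for name in gone:
        vanished.setdefault(a[name], []).append(name)
    for name in new:
        old_names = vanished.get(b[name])
        if old_names:
            ops.append(("RENAME", old_names.pop(0), name))
        else:
            ops.append(("CREATE", name, b[name]))
    # Vanished names that were not paired with a new name are deletions.
    for name in sorted(n for names in vanished.values() for n in names):
        ops.append(("DELETE", name))
    # Same name in both images but different content.
    for name in sorted(n for n in a if n in b and a[n] != b[n]):
        ops.append(("MODIFY", name, b[name]))
    return ops

def apply_ops(a, ops):
    """Replay R on a copy of a; the result should equal b."""
    image = dict(a)
    for op in ops:
        kind = op[0]
        if kind == "RENAME":
            image[op[2]] = image.pop(op[1])
        elif kind == "DELETE":
            del image[op[1]]
        else:  # CREATE and MODIFY both set name -> content hash
            image[op[1]] = op[2]
    return image

# Constructed sample data: a baseline and a final file listing.
BASELINE_FILES = {
    "Program Files/app/app.exe": b"MZ original code",
    "Users/alice/report.doc": b"quarterly report",
    "Users/alice/notes.txt": b"todo",
    "Temp/setup.tmp": b"scratch",
}
FINAL_FILES = {
    "Program Files/app/app.exe": b"MZ patched code",
    "Users/alice/archive/report.doc": b"quarterly report",
    "Users/alice/notes.txt": b"todo",
    "Users/alice/new.dll": b"library",
}
A = extract_features(BASELINE_FILES)
B = extract_features(FINAL_FILES)

if __name__ == "__main__":
    R = diff_images(A, B)
    for op in R:
        print(op)
    print("A transformed by R equals B:", apply_ops(A, R) == B)
```

Unchanged features such as `Users/alice/notes.txt` never appear in R, which is the data reduction the introduction describes.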