Forensic Collection and Analysis of Volatile Data

Copyright 2005 Carnegie Mellon University

This lab is an introduction to collecting volatile data from both a compromised Linux and Windows host. In the event that a host in your organization is compromised, you may need to perform forensic analysis. When collecting forensic evidence it is important to begin with the most volatile information. This is information that is stored in memory (RAM), like open ports and connections as well as running processes. This information cannot be gathered once the machine has been rebooted. Remember to always start with the volatile information first!

The main exercise in this lab details specific means by which to collect forensic evidence. Before starting any forensic collection it is important to have a trusted toolkit from which to work. This should contain trusted versions of commands so that you can be assured that the evidence you collect is valid and uncompromised. Your toolkit can vary depending on the evidence you want to collect and the operating system a host is running, but it should contain basic tools such as netstat, ipconfig, a command shell and others. There are a multitude of available tools for you to choose from.

You will be using the netstat command to collect information about open network connections and listening ports on the compromised hosts. This is not the ideal method for collecting forensic information, since you want to collect more information than just the network status. This means that you will need to execute a series of commands in order to collect the entire body of evidence. In collecting evidence it is important to leave the smallest footprint of your activity, so having to type in multiple commands is not the best method.

At the end of each section there is an “Optional Challenge.” The goal in the challenge exercise is to become familiar with the idea of using a .bat and a bash file to collect evidence. A .bat file or bash script is simply a string of commands in a single script. This helps minimize the footprint left behind during the collection phase by allowing you to execute one script instead of having to execute multiple commands from the command line.

Your lab environment consists of three virtual computer systems.

1. A Windows 2003 Server launchpad system that will allow you to remotely access the machines below. This system’s hostname is: VTE-Launchpad and its IP address is 10.0.254.254.
2. A Linux machine that will serve as a compromised host from which you will gather forensic data. This system’s hostname is: Linux Compromised and its IP is 10.0.4.51.
3. A Windows 2003 machine that will serve as the compromised Windows host. This system’s hostname is: Win Compromised and its IP address is 10.0.4.50.

1 Establishing a forensic collection system

You will configure the “VTE-Launchpad” to function as a Netcat Listener (Evidence Collector) for a capture of volatile data from a live Windows system. Two collections will be made: (1) a simple collection of data using one trusted command, and (2) a comprehensive collection using a trusted .bat file of trusted tools.

1. From the VTE-Launchpad, open a trusted command shell by selecting Start > Run and browsing to the trusted forensic CD (i.e. D: drive) that has been pre-loaded. Open the trusted command shell located at “\Tools\Windows\Forensics\t_cmd.exe”.

2. In the trusted command shell window, type the command ‘t_ipconfig’ to identify the IP address of the Windows VTE-Launchpad. This will be needed later during the collection phase.

3. It is time to establish a Netcat listener on the “VTE-Launchpad”. This platform will serve as the collection system for the upcoming collection of volatile data. From the command line in the trusted shell type:

    t_nc.exe -L -p 443 > C:\Collectiondata.txt

Figure 1

This syntax will activate a Netcat listener on port 443 and direct all received data to the file “Collectiondata.txt” located in the root of C:\. Notice that the path at the top of the command shell window indicates that it is running from the trusted source, i.e. the forensics CD.

2 Collecting Volatile Data from a Windows System

The target system for this exercise will be the “Win Compromised” host. This machine contains information that you will need to collect and analyze to determine if the host has been compromised and to what extent. You will be collecting the data from the compromised host and using Netcat to send the forensic data to your Windows VTE-Launchpad system.

1. From the VTE-Launchpad Desktop, select the Remote Desktop Connection icon and connect to the “Win Compromised” machine at 10.0.4.50. Press the ‘Options>>’ button and select the ‘Display’ tab. Under ‘Remote desktop size’ drag the bar to the left until it reaches ‘800 by 600 pixels’. Press Connect. Login with:

    User: jsmith
    Password: tartans

2. From the “WIN Compromised” console, select Start > Run and browse to the trusted forensic CD that has been pre-loaded. Open the trusted command shell located at “\Tools\Windows\Forensics\t_cmd.exe”.

Figure 2

3. From the trusted command shell, type:

    t_netstat.exe -an | t_nc.exe 10.0.254.254 443

This syntax will execute the ‘t_netstat.exe’ (trusted) from the CD and send the output from the command to the “Windows VTE-Launchpad”, which will write the data in the “C:\WinCollectiondata.txt” file. It will take approximately one minute for the netstat command to execute and the data to be transferred to the VTE-Launchpad.

4. You will need to wait approximately one minute for the command to be executed and data to be transferred to the VTE-Launchpad. Now close the open Netcat connections on both the “Win Compromised” and “VTE-Launchpad” hosts. To do this, from the open trusted command shells press “Ctrl C”. This will close the Netcat connections.

5. The last step is to verify that the volatile data from the remote collection has been sent to the Windows VTE-Launchpad.

6. From the “VTE-Launchpad” open and examine the “C:\WinCollectiondata.txt” file. To locate and open this file, select Start > My Computer > Local Disk C:. Right-click the ‘WinCollectiondata.txt’ file and select Open With > WordPad to view the contents.

WHAT DO YOU SEE?

Figure 3

Optional Challenge:

1. Contained on the forensics CD in the Tools\Windows\Forensics\ folder is a .bat file titled “Windows_Response.bat”. This file executes several trusted commands from the CD which collect volatile data. Using the directions above, attempt to utilize this .bat file to conduct a comprehensive collection of volatile data from the “Win Compromised” host and report any interesting findings.

WHAT DO YOU SEE?

Some of the processes that you should be able to see are:

  • Host_sensor.exe: The ‘host_sensor.exe’ process acts as a host alive checking sensor for the Linux_Compromised machine. Once the Linux_Compromised machine is alive it then connects to an open port. (Port 4444)
  • Host_sensor.exe: The ‘host_sensor.exe’ process acts as a host alive checking sensor for the Linux_Compromised machine. Once the Linux_Compromised machine is alive it then connects to an open port. (Port 23)
  • Rogueprocess.bat will be executed upon startup, which in turn executes the ‘svchost1.exe’ binary, passing command line parameters.
  • ccApp4.exe is a masked WinDump.exe (Network Sniffer).
  • spoolsSV.exe is a (Key logger) that will automatically start and capture keystrokes upon startup.
  • tini.exe is a running (Backdoor) that will listen on port 7777 for any connections. If a connection is established to port 7777 a command shell will be spawned.
  • svchost1.exe is a masked (Netcat Listener) that listens on port 80 for any connections. If a connection is established to port 80 a command shell will be spawned.
  • dxxccxymju.exe is a running (Backdoor Trojan i.e. Subseven) that listens on the default port of 27374. Note the filename of this rogue process is randomly picked each time the machine is restarted.

2. Again, remember to close the Netcat connection when the transfer is complete. Keep in mind that Netcat does not report its status.

3 Collecting Volatile Data from a Linux System

3.1 Remotely Accessing the Linux Host via Secure Shell

The target system for this exercise will be the “Linux Compromised” machine. You will be collecting forensic evidence from this machine and storing it on the “VTE-Launchpad.” You will need to re-establish the VTE-Launchpad to listen for incoming connections. Using the instructions from section 1 (Establishing a forensic collection system) you will want to save the collected data in a file called C:\LinuxCollectiondata.txt or C:\LinuxCollectiondata.cvs.

1. To connect to the compromised Linux host, locate and double-click the ‘Putty.exe’ icon on the desktop of the VTE-Launchpad. Putty is a very popular (and free) SSH client.

2. Type ‘10.0.4.51’ in the Host name (IP Address) box within the Putty application and then click ‘Open’. Select Yes to accept the server key.

3. Login with the following credentials:

    Username: root
    Password: tartans

3.2 Collecting data using a trusted Netstat command

1.
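Added example, not part of the original lab and not the contents of any script on the forensic CD: the single-script collection that the introduction and the Optional Challenge describe, written for the Linux host. The toolkit directory, the Linux tool names (including `nc`) and the collection plan are assumptions; 10.0.254.254 and port 443 are the lab's collector address and listener port.

```sh
#!/bin/sh
# Added example: collect volatile data from a Linux host with one script.
# Usage: sh collect.sh TOOLS_DIR COLLECTOR_IP PORT
#   TOOLS_DIR     directory holding the trusted binaries, for example the
#                 mounted forensic CD (path and tool names are assumptions)
#   COLLECTOR_IP  host running the Netcat listener (10.0.254.254 in this lab)
#   PORT          listener port (443 in this lab)

# Collection plan, most volatile first: one "binary arguments" entry per line.
COLLECT_PLAN='date -u
netstat -an
netstat -rn
ps -ef
who
uname -a'

# Run every command in the plan from TOOLS_DIR only and write a labelled
# report to stdout. The return status is the number of missing tools.
collect_volatile() {
    cv_tools=$1
    printf '%s\n' "$COLLECT_PLAN" | (
        cv_missing=0
        while read -r cv_bin cv_args; do
            [ -n "$cv_bin" ] || continue
            printf '===== %s %s =====\n' "$cv_bin" "$cv_args"
            if [ -f "$cv_tools/$cv_bin" ] && [ -x "$cv_tools/$cv_bin" ]; then
                # PATH is limited to the toolkit, so a tool that looks up a
                # helper by name finds only toolkit binaries. stdin is
                # /dev/null so the tool cannot consume the rest of the plan.
                # $cv_args is unquoted on purpose: it is split into arguments.
                PATH=$cv_tools "$cv_tools/$cv_bin" $cv_args </dev/null 2>&1
                printf '(exit status %s)\n' "$?"
            else
                # Fail closed: never fall back to the host's own binary.
                printf 'SKIPPED: %s not found in trusted toolkit\n' "$cv_bin"
                cv_missing=$((cv_missing + 1))
            fi
        done
        exit "$cv_missing"
    )
}

# Stream the report to the collector instead of saving it on the
# compromised host.
if [ "$#" -eq 3 ]; then
    collect_volatile "$1" | PATH=$1 "$1/nc" "$2" "$3"
fi
```

Start the listener on the collector first, as in section 1, and run the script from a trusted shell; a `SKIPPED` line in the received file marks evidence that was not collected rather than evidence gathered with an untrusted binary.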