Digital Forensics XML and the DFXML Toolset
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Faster File Matching Using Gpgpus
Faster File Matching Using GPGPUs Deephan Mohan and John Cavazos Department of Computer and Information Sciences, University of Delaware Abstract We address the problem of file matching by modifying the MD6 algorithm that is best suited to take advantage of GPU computing. MD6 is a cryptographic hash function that is tree-based and highly parallelizable. When the message M is available initially, the hashing operations can be initiated at different starting points within the message and their results can be aggregated as the final step. In the parallel implementation, the MD6 program was partitioned and effectively parallelized across the GPU using CUDA. To demonstrate the performance of the CUDA version of MD6, we performed various experiments with inputs of different MD6 buffer sizes and varying file sizes. CUDA MD6 achieves real time speedup of more than 250X over the sequential version when executed on larger files. CUDA MD6 is a fast and effective solution for identifying similar files. Keywords: CUDA, MD6, GPU computing, File matching 1. Introduction compression level with the root being the final hash computed by the algorithm. The structure of a Merkle tree is shown in File matching is an important task in the field of forensics and Figure 1. In the MD6 implementation, the MD6 buffer size information security. Every file matching application is driven determines the number of levels in the tree and the bounds for by employing a particular hash generating algorithm. The crux parallelism. of the file matching application relies on the robustness and integrity of the hash generating algorithm. Various checksum generation algorithms like MD5[1], SHA-1[2], SHA-256[3], Tiger[4], Whirlpool[5], rolling hash have been utilized for file matching [6, 7]. -
Mike Zornek • March 2020
Working with Time Zones Inside a Phoenix App Mike Zornek • March 2020 Terminology Layers of Wall Time International Atomic Time (ITA) Layers of Wall Time Universal Coordinated Time (UTC) International Atomic Time (ITA) Layers of Wall Time Universal Coordinated Time (UTC) Leap Seconds International Atomic Time (ITA) Layers of Wall Time Standard Time Universal Coordinated Time (UTC) Leap Seconds International Atomic Time (ITA) Layers of Wall Time Standard Time Time Zone UTC Offset Universal Coordinated Time (UTC) Leap Seconds International Atomic Time (ITA) Layers of Wall Time Wall Time Standard Time Time Zone UTC Offset Universal Coordinated Time (UTC) Leap Seconds International Atomic Time (ITA) Layers of Wall Time Wall Time Standard Offset Standard Time Time Zone UTC Offset Universal Coordinated Time (UTC) Leap Seconds International Atomic Time (ITA) Things Change Wall Time Standard Offset Politics Standard Time Time Zone UTC Offset Politics Universal Coordinated Time (UTC) Leap Seconds Celestial Mechanics International Atomic Time (ITA) Things Change Wall Time Standard Offset changes ~ 2 / year Standard Time Time Zone UTC Offset changes ~ 10 / year Universal Coordinated Time (UTC) 27 changes so far Leap Seconds last was in Dec 2016 ~ 37 seconds International Atomic Time (ITA) "Time Zone" How Elixir Represents Time Date Time year hour month minute day second nanosecond NaiveDateTime Date Time year hour month minute day second nanosecond DateTime time_zone NaiveDateTime utc_offset std_offset zone_abbr Date Time year hour month minute day second -
So Many Date Formats: Which Should You Use? Kamlesh Patel, Jigar Patel, Dilip Patel, Vaishali Patel Rang Technologies Inc, Piscataway, NJ
Paper – 2463-2017 So Many Date Formats: Which Should You Use? Kamlesh Patel, Jigar Patel, Dilip Patel, Vaishali Patel Rang Technologies Inc, Piscataway, NJ ABSTRACT Nearly all data is associated with some Date information. In many industries, a SAS® programmer comes across various Date formats in data that can be of numeric or character type. An industry like pharmaceuticals requires that dates be shown in ISO 8601 formats due to industry standards. Many SAS programmers commonly use a limited number of Date formats (like YYMMDD10. or DATE9.) with workarounds using scans or substring SAS functions to process date-related data. Another challenge for a programmer can be the source data, which can include either Date-Time or only Date information. How should a programmer convert these dates to the target format? There are many existing Date formats (like E8601 series, B8601 series, and so on) and informants available to convert the source Date to the required Date efficiently. In addition, there are some useful functions that we can explore for deriving timing-related variables. For these methods to be effective, one can use simple tricks to remember those formats. This poster is targeted to those who have a basic understanding of SAS dates. KEYWORDS SAS, date, time, Date-Time, format, informat, ISO 8601, tips, Basic, Extended, Notation APPLICATIONS: SAS v9.2 INTRODUCTION Date and time concept in SAS is very interesting and can be handled very efficiently if SAS programmers know beyond basics of different SAS Date formats and informats along with many different Date functions. There are various formats available to use as per need in SAS. -
2017 W5.2 Fixity Integrity
FIXITY & DATA INTEGRITY DATA INTEGRITY DATA INTEGRITY PRESERVATION CONSIDERATIONS ▸ Data that can be rendered ▸ Data that is properly formed and can be validated ▸ DROID, JHOVE, etc. DATA DEGRADATION HOW DO FILES LOSE INTEGRITY? DATA DEGRADATION HOW DO FILES LOSE INTEGRITY? Storage: hardware issues ▸ Physical damage, improper orientation, magnets, dust particles, mold, disasters Storage: software issues ▸ "bit rot", "flipped" bits, small electronic charge, solar flares, radiation DATA DEGRADATION HOW DO FILES LOSE INTEGRITY? Transfer/Retrieval ‣ Transfer from one operating system or file system to another, transfer across network protocols, ▸ Metadata loss: example – Linux has no "Creation Date" (usually "file system" metadata) Mismanagement ▸ Permissions issues (read/write allowed), human error DATA PROTECTION VERIFICATION DATA PROTECTION VERIFICATION ▸ Material proof or evidence that data is unchanged ▸ Material proof or evidence that data is well-formed and should be renderable ▸ Example: Different vendors write code for standard formats in different ways DATA PROTECTION VERIFICATION Verify that data is well-formed using... DATA PROTECTION VERIFICATION Verify that data is well-formed using... ▸ JHOVE ▸ DROID ▸ XML Validator ▸ DVAnalyzer ▸ NARA File Analyzer ▸ BWF MetaEdit WHOLE-FILE CONSISTENCY FIXITY FIXITY BASIC METHODS Manual checks of file metadata such as... FIXITY BASIC METHODS Manual checks of file metadata such as... ▸ File name ▸ File size ▸ Creation date ▸ Modified date ▸ Duration (time-based media) FIXITY ADVANCED METHODS FIXITY -
Operation Guide 3448
MO1611-EA © 2016 CASIO COMPUTER CO., LTD. Operation Guide 3448 ENGLISH Congratulations upon your selection of this CASIO watch. Warning ! • The measurement functions built into this watch are not intended for taking measurements that require professional or industrial precision. Values produced by this watch should be considered as reasonable representations only. • Note that CASIO COMPUTER CO., LTD. assumes no responsibility for any damage or loss suffered by you or any third party arising through the use of your watch or its malfunction. E-1 About This Manual • Keep the watch away from audio speakers, magnetic necklaces, cell phones, and other devices that generate strong magnetism. Exposure to strong • Depending on the model of your watch, display text magnetism can magnetize the watch and cause incorrect direction readings. If appears either as dark figures on a light background, or incorrect readings continue even after you perform bidirectional calibration, it light figures on a dark background. All sample displays could mean that your watch has been magnetized. If this happens, contact in this manual are shown using dark figures on a light your original retailer or an authorized CASIO Service Center. background. • Button operations are indicated using the letters shown in the illustration. • Note that the product illustrations in this manual are intended for reference only, and so the actual product may appear somewhat different than depicted by an illustration. E-2 E-3 Things to check before using the watch Contents 1. Check the Home City and the daylight saving time (DST) setting. About This Manual …………………………………………………………………… E-3 Use the procedure under “To configure Home City settings” (page E-16) to configure your Things to check before using the watch ………………………………………… E-4 Home City and daylight saving time settings. -
Security 1 Lab
Security 1 Lab Installing Command-Line Hash Generators and Comparing Hashes In this project, you download different command-line hash generators to compare hash values. 1. Use your Web browser to go to https://kevincurran.org/com320/labs/md5deep.zip 2. Download this zip archive. 3. Using Windows Explorer, navigate to the location of the downloaded file. Right-click the file and then click Extract All to extract the files. 4. Create a Microsoft Word document with the line below: Now is the time for all good men to come to the aid of their country. 5. Save the document as Country1.docx in the directory containing files and then close the document. 6. Start a command prompt by clicking Start, entering cmd, and then pressing Enter. 7. Navigate to the location of the downloaded files. 8. Enter MD5DEEP64 Country1.docx to start the application that creates an MD5 hash of Country1.docx and then press Enter. What is the length of this hash? (note: If you are not working on a 64 bit machine, then simply run the MD5deep.exe 32 bit version). 9. Now enter MD5DEEP64 MD5DEEP.TXT to start the application that creates an MD5 hash of the accompanying documentation file MD5DEEP.TXT and then press Enter. What is the length of this hash? Compare it to the hash of Country1.docx. What does this tell you about the strength of the MD5 hash? 10. Start Microsoft Word and then open Country1.docx. 11. Remove the period at the end of the sentence so it says Now is the time for all good men to come to the aid of their country and then save the document as Country2.docx in the directory that contains the files. -
ASN.1. Communication Between Heterogeneous Systems – Errata
ASN.1. Communication between heterogeneous systems – Errata These errata concern the June 5, 2000 electronic version of the book "ASN.1. Communication between heterogeneous systems", by Olivier Dubuisson (© 2000). (freely available at http://www.oss.com/asn1/resources/books‐whitepapers‐pubs/asn1‐ books.html#dubuisson.) N.B.: The first page number refers to the PDF electronic copy and is the number printed on each page, not the number at the bottom of the Acrobat Reader window. The page number in parentheses refers to the paper copy published by Morgan Kaufmann. Page 9 (page 8 for the paper copy): ‐ last line, replace "(the number 0 low‐weighted byte" with "(the number 0 low‐weighted bit". Page 19 (page 19 for the paper copy): ‐ on the paper copy, second bullet, replace "the Physical Layer marks up..." with "the Data Link Layer marks up...". ‐ on the electronic copy, second bullet, replace "it is down to the Physical Layer to mark up..." with "it is down to the Data Link Layer to mark up...". Page 25 (page 25 for the paper copy): second paragraph, replace "that all the data exchange" with "that all the data exchanged". Page 32 (page 32 for the paper copy): last paragraph, replace "The order number has at least 12 digits" with "The order number has always 12 digits". Page 34 (page 34 for the paper copy): first paragraph, replace "it will be computed again since..." with "it will be computed again because...". Page 37 for the electronic copy only: in the definition of Quantity, replace "unites" with "units". Page 104 (page 104 for the paper copy): ‐ in rule <34>, delete ", digits"; ‐ at the end of section 8.3.2, add the following paragraph: Symbols such as "{", "[", "[[", etc, are also lexical tokens of the ASN.1 notation. -
NCIRC Security Tools NIAPC Submission Summary “HELIX Live CD”
NATO UNCLASSIFIED RELEASABLE TO THE INTERNET NCIRC Security Tools NIAPC Submission Summary “HELIX Live CD” Document Reference: Security Tools Internal NIAPC Submission NIAPC Category: Computer Forensics Date Approved for Submission: 24-04-2007 Evaluation/Submission Agency: NCIRC Issue Number: Draft 0.01 NATO UNCLASSIFIED RELEASABLE TO THE INTERNET NATO UNCLASSIFIED RELEASABLE TO THE INTERNET TABLE of CONTENTS 1 Product ......................................................................................................................................3 2 Category ....................................................................................................................................3 3 Role ............................................................................................................................................3 4 Overview....................................................................................................................................3 5 Certification ..............................................................................................................................3 6 Company....................................................................................................................................3 7 Country of Origin .....................................................................................................................3 8 Web Link ...................................................................................................................................3 -
GLONASS Time. 2. Generation of System Timescale
GLONASS TIME SCALE DESCRIPTION Definition of System 1. System timescale: GLONASS Time. 2. Generation of system timescale: on the basis of time scales of GLONASS Central Synchronizers (CS). 3. Is the timescale steered to a reference UTC timescale: Yes. a. To which reference timescale: UTC(SU), generated by State Time and Frequency Reference (STFR). b. Whole second offset from reference timescale: 10800 s (03 hrs 00 min 00 s). tGLONASS =UTC (SU ) + 03 hrs 00 min c. Maximum offset (modulo 1s) from reference timescale: 660 ns (probability 0.95) – in 2014; 4 ns (probability 0.95) – in 2020. 4. Corrections to convert from satellite to system timescale: SVs broadcast corrections τn(tb) and γn(tb) in L1, L2 frequency bands for 30-minute segments of prediction interval. a. Type of corrections given; include statement on relativistic corrections: Linear coefficients broadcast in operative part of navigation message for each SV (in accordance with GLONASS ICD). Periodic part of relativistic corrections taking into account the deviation of individual SVs orbits from GLONASS nominal orbits is incorporated in calculation of broadcast corrections to convert from satellite timescale to GLONASS Time. b. Specified accuracy of corrections to system timescale: The accuracy of calculated offset between SV timescale and GLONASS Time – 5,6 ns (rms). c. Location of corrections in broadcast messages: L1/L2 - τn(t b) – line 4, bits 59 – 80 of navigation frame; - γn(t b) - line 3, bits 69 – 79 of navigation frame. d. Equation to correct satellite timescale to system timescale: L1/L2 tGLONASS = t +τ n (tb ) − γ n (tb )( t − tb ) where t - satellite time; τn(t b), γn(tb) - coefficients of frequency/time correction; tb - time of locking frequency/time parameters. -
Understanding JSON Schema Release 2020-12
Understanding JSON Schema Release 2020-12 Michael Droettboom, et al Space Telescope Science Institute Sep 14, 2021 Contents 1 Conventions used in this book3 1.1 Language-specific notes.........................................3 1.2 Draft-specific notes............................................4 1.3 Examples.................................................4 2 What is a schema? 7 3 The basics 11 3.1 Hello, World!............................................... 11 3.2 The type keyword............................................ 12 3.3 Declaring a JSON Schema........................................ 13 3.4 Declaring a unique identifier....................................... 13 4 JSON Schema Reference 15 4.1 Type-specific keywords......................................... 15 4.2 string................................................... 17 4.2.1 Length.............................................. 19 4.2.2 Regular Expressions...................................... 19 4.2.3 Format.............................................. 20 4.3 Regular Expressions........................................... 22 4.3.1 Example............................................. 23 4.4 Numeric types.............................................. 23 4.4.1 integer.............................................. 24 4.4.2 number............................................. 25 4.4.3 Multiples............................................ 26 4.4.4 Range.............................................. 26 4.5 object................................................... 29 4.5.1 Properties........................................... -
Array Databases: Concepts, Standards, Implementations
Baumann et al. J Big Data (2021) 8:28 https://doi.org/10.1186/s40537-020-00399-2 SURVEY PAPER Open Access Array databases: concepts, standards, implementations Peter Baumann , Dimitar Misev, Vlad Merticariu and Bang Pham Huu* *Correspondence: b. Abstract phamhuu@jacobs-university. Multi-dimensional arrays (also known as raster data or gridded data) play a key role in de Large-Scale Scientifc many, if not all science and engineering domains where they typically represent spatio- Information Systems temporal sensor, image, simulation output, or statistics “datacubes”. As classic database Research Group, Jacobs technology does not support arrays adequately, such data today are maintained University, Bremen, Germany mostly in silo solutions, with architectures that tend to erode and not keep up with the increasing requirements on performance and service quality. Array Database systems attempt to close this gap by providing declarative query support for fexible ad-hoc analytics on large n-D arrays, similar to what SQL ofers on set-oriented data, XQuery on hierarchical data, and SPARQL and CIPHER on graph data. Today, Petascale Array Database installations exist, employing massive parallelism and distributed processing. Hence, questions arise about technology and standards available, usability, and overall maturity. Several papers have compared models and formalisms, and benchmarks have been undertaken as well, typically comparing two systems against each other. While each of these represent valuable research to the best of our knowledge there is no comprehensive survey combining model, query language, architecture, and practical usability, and performance aspects. The size of this comparison diferentiates our study as well with 19 systems compared, four benchmarked to an extent and depth clearly exceeding previous papers in the feld; for example, subsetting tests were designed in a way that systems cannot be tuned to specifcally these queries. -
GPS Operation V1 4.Fm
Operation of the Courtyard CY490 SPG While Connected to the GPS Receiver No part of this document may be transmitted or reproduced in any form or by any means, electronic or mechanical, including photocopy, recording or any information storage and retrieval system, without permission in writing from Courtyard Electronics Limited. Introduction One of the best sources of reference for both frequency and time, is the Global Positioning System. The GPS system only transmits a complete UTC-GPS time message once every 12.5 minutes. So when powering up the GPS receiver it might be best to wait 12.5 minutes before relying on the GPS time. The CY490 SPG uses a 12 channel GPS receiver. As the SPG is powered the GPS receiver begins searching for satellites from which it can get time, frequency and phase information. In a good reception area as many as 12 satellites may be visible. The SPG only requires 3 satellites to be located and fully decoded before it can start using the GPS data. The search for the first 3 satellites can take up to 3 minutes, but is often accomplished in 2. If less than 3 satellites are available, the SPG will not lock to GPS. The number of satellites can be monitored on the first menu and on the remote control program CY490MiniMessage. The CY490MiniMessage gives a graphic view of satellites and provides much information for the user. GPS and television From a GPS receiver, the Master Clock can derive UTC and also add the appropriate time offset and provide corrected local time.