Hash databases are used to quickly identify known good and known bad files using the MD5 or SHA-1 checksum value. Autopsy uses three types of hash databases to help the investigator reduce the number of files that they have to look at.
The NIST National Software Reference Library (NSRL) contains hashes of files that are found in operating systems and software distributions. These files are known to be good in that they came from trusted sources and are typically on authorized systems. When processing files in the image, this database can be used to ignore files because they are assumed to be known and therefore uninteresting. The location of this database is configured when Autopsy is installed. The NSRL must be obtained from NIST at www.nsrl.nist.gov.
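The lookup described above, as an added example that is not Autopsy's code: each file is hashed with MD5 and SHA-1 and checked against a known-good and a known-bad set. The function names, the sample files and the rule that a known-bad match wins over a known-good one are assumptions of this sketch.

```python
import hashlib
import os
import tempfile

def file_digests(path, chunk_size=65536):
    """Return (md5_hex, sha1_hex) for a file, read in chunks so large files fit."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()

def classify(path, known_good, known_bad):
    """Assumed policy: a known-bad hit wins; no hit at all means 'unknown'."""
    digests = set(file_digests(path))
    if digests & known_bad:
        return "known bad"
    if digests & known_good:
        return "known good"
    return "unknown"

def triage(root, known_good, known_bad):
    """Walk a directory tree and map relative path -> classification."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            results[rel] = classify(full, known_good, known_bad)
    return results

def demo():
    """Build a constructed evidence tree and hash sets, then triage it."""
    samples = {  # constructed sample contents, not real software
        "libc.so": b"constructed OS file",
        "tool.exe": b"constructed flagged tool",
        "notes.txt": b"constructed user document",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        # Hash sets may hold MD5 or SHA-1 values; lengths differ, so they can share a set.
        known_good = {hashlib.sha1(samples["libc.so"]).hexdigest()}
        known_bad = {hashlib.md5(samples["tool.exe"]).hexdigest()}
        return triage(root, known_good, known_bad)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:10}  {path}")
```

Only the files reported as "unknown" still need manual review, which is the reduction the hash databases are meant to give.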
http://www.openldap.org/faq/data/cache/185.html
/usr/sbin/tcpdump -nvX 'tcp and port 80 and dst 172.28.182.70'
http://s.ica.cz/cgi-bin/crt_spub.cgi
http://www.truthdig.com/
http://www.blisty.cz/
http://www.godlikeproductions.com/
http://www.examiner.com
http://cfp2.miroslavsuja.cz/
http://www.jetotak.sk
http://www.noveslovo.sk
#!/usr/bin/python3
import sys


def main():
    '''Why does the sys module have "argv" but no "argc"?
    http://www.python.org/search/hypermail/ ... /1034.html
    If there was a sys.argc, then you would have to remember to
    update its value whenever you changed sys.argv.
    While this may not be common in C, it's not unusual in Python.
    '''
    # The argument count is the length of the argv list,
    # which includes the script name itself.
    argc = len(sys.argv)
    print("number of arguments is: ", argc)


if __name__ == '__main__':
    main()
>>> import md5
>>> foo = md5.new("hohoho!")
>>> foo.hexdigest()
'14874050f4928b54f58b6d292a681f00'
Allow CGI scripts, then follow the LightSquid documentation.
http://lightsquid.sourceforge.net/
/etc/httpd/conf.d/lightsquid.conf:
<Directory "/var/www/html/lightsquid">
    DirectoryIndex index.cgi
    Options +ExecCGI
    AddHandler cgi-script .cgi
    AllowOverride All
</Directory>
/etc/httpd/conf/httpd.conf:
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
AddHandler cgi-script .cgi
Create a cpio archive:
find . | cpio -o > archive
Extract a cpio archive:
cpio -id < archive
http://www.usefilm.com/image/1602465.html