Lab III: Unix File Recovery Data Unit Level

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Lab III: Unix File Recovery Data Unit Level"

Transcription

1 New Mexico Tech Digital Forensics Fall 2006 Lab III: Unix File Recovery Data Unit Level Objectives - Review of unallocated space and extracting with dls - Interpret the file system information from the superblock - Locate files by block number - Recover files from unallocated blocks - Understand contiguous and noncontiguous files - Using the Autopsy Forensic Browser Procedures Extracting Unallocated Space Step 1 These first steps will be a review of the process you performed in Lab II. Launch your Linux Forensics virtual machine. An image of a disk partition with deleted files to be recovered is provided and located on /dev/hdb1. The image contains a linux ext2 file system. The file, image.sha1.txt contains the hash value of the image. There is another file, fileinfo.txt, that contains the file names, sizes in bytes and hashes of the deleted files you will recover. Mount /dev/hdb1 to /mnt/recover. The image file is located in /mnt/recover/lab3 Question 1: Extract unallocated space to the file image.unalloc.dls and explain your process and the commands you used. Do not forget your job as a forensics investigator is to ensure integrity of the data. Begin by verifying the hash of image.dd matches the hash found in image.sha1.txt. Extract unallocated space using dls. # dls -f linux-ext2 /mnt/recover/lab3/image.dd > Prepared by Regis Cassidy Sandia National Laboratories Page 1

2 /mnt/recover/lab3/image.unalloc.dls Hash your image of unallocated space and add it to the hash file. # sha1sum /mnt/recover/lab3/image.unalloc.dls >> /mnt/recover/lab3/image.sha1.txt Extracting Plaintext from Unallocated Space Step 2 The first four files you are going to recover are plaintext files containing repeating strings that match the file's name. For example, file01 contains multiple strings of file01. You will need to find occurrences of the strings file01, file02, file03 and file04. Question 2: Explain the process and commands you use to extract plaintext from the unallocated image files to the file image.unalloc.str. How will you use grep to locate the files you are looking for? Recall the strings tool you used from Lab 2. # strings -a -t d /mnt/recover/lab3/image.unalloc.dls > /mnt/recover/lab3/image.unalloc.str Create a searchlist.txt file and enter the strings file01, file02, file03 and file04. # grep -f /mnt/recover/lab3/searchlist.txt /mnt/recover/lab3/image.unalloc.str > /mnt/recover/lab3/results.grep Locating Files by Block Numbers Step 3 Recall from Lab 2 that the -t d option for the tool strings included the byte offset in the output. The byte offset is printed before the string. Analyze your results.grep file after running grep and use it to find the byte offset of the first occurrence of the string file01. It is important to realize that this byte offset is associated with image.unalloc.dls (you ran strings against this file) and not the original image.dd file. Prepared by Regis Cassidy Sandia National Laboratories Page 2

3 You are now going to learn new tools for converting the offset in unallocated space to the offset on the actual disk or image. The sleuthkit tool dcalc is used to convert between units from a.dls file to the units in the complete image. A unit is equivalent to the block or cluster size of the file system. First, you have to convert the byte offset found in the strings output to a block offset. Block sizes will be determined by the file system and will vary depending on partition sizes. To get information on the file system use the sleuthkit tool fsstat. # fsstat -f linux-ext2 /mnt/recover/lab3/image.dd less Look for the number by 'Block Size:'. This number is in terms of bytes. Question 3: What is the block size for this image? What is the byte offset for the location of the string file01 in the.dls file. How do you convert this byte offset to a block offset in the.dls file and what is that value? The block size is 1024 bytes. The first occurrence of the string file01 is found at byte offset in the.dls file. Divide this number by the block size 1024 to convert this to a block offset in the.dls file. You should get block number 12. Once you have the block offset for the.dls file you can use dcalc to convert this to an offset in the original whole file. The -u option specifies that you are converting from a.dls block number to the actual block number. # dcalc -f linux-ext2 -u offset /mnt/recover/lab3/image.dd NOTE: offset is the block offset value you found in Question 3 The sleuthkit tool dstat can be useful to add a little assurance that you calculated the right block number. # dstat -f linux-ext2 /mnt/recover/lab3/image.dd offset NOTE: offset is the block offset from the original image file you found using dcalc. The output should confirm that the block is unallocated. If it says it is allocated you know for sure you miscalculated. Prepared by Regis Cassidy Sandia National Laboratories Page 3

4 Extracting Data Blocks Step 4 The sleuthkit tool dcat is used to extract data from a specified block number. You are going to use this tool to recover the actual file. To make life easier, the results of doing a ls -l on the drive before the files were deleted, is made available to you. View the fileinfo.txt file and find the filesize of file01. Notice it is the exact size of a single block on this file system (not very likely to happen normally). dcat extracts data one block at a time so with dcat you should easily be able to recover file01 in its exact form. # dcat -f linux-ext2 /mnt/recover/lab3/image.dd block > /mnt/recover/lab3/file01 NOTE: block is the new value you found from running dcalc Verify the file size for file01 is correct. # ls -l /mnt/recover/lab3/file* Take the hash of the file you just recovered and compare it with the hash in fileinfo.txt. They should match! Partial Block File Sizes Step 5 Generally, files will not be the exact size of a block or multiples of blocks. The end of the file, most likely, will fall somewhere in the middle of a block. Question 4: Using the methods you learned above, determine the location of file02 in the image.dd file. How did you do this and what block number did you find? Analyzing the results.grep file you find that the first occurrence of the string file02 is at byte offset Divide this by the block size, 1024, to get a block offset of 13 in the.dls file. Use dcalc to convert this to the block found in image.dd Prepared by Regis Cassidy Sandia National Laboratories Page 4

5 # dcalc -f linux-ext2 -u 13 /mnt/recover/lab3/image.dd File02 is found at block number 271 in the image.dd file. Question 5: Use dcat to extract the block you found in Question 4. You may have recovered the data in file02, but is this an exact copy of the original file02? What has happened? # dcat -f linux-ext2 /mnt/recover/lab3/image.dd 271 > /mnt/recover/lab3/file02 Dcat extracts data unit sizes determined by the block size. Extracting block 271 give you a file 1024 bytes long, but in the fileinfo.txt file you should see that the original file02 file was only 950 bytes in size. Taking the hash of the recovered file will not match the original hash. Use less to view your file02 file. You will notice garbage characters at the end that don't actually belong in the original file. You will next use a plaintext editor or a hex editor to open file02 and delete the data that does not belong in the file. Khexedit is a great tool to view the file in hex and its ascii representation. A shortcut to khexedit is located on your toolbar. It makes deleting the extra characters easy because the left most column lists the byte offset. Make sure in the 'View' menu that 'Offset in Decimal' is selected. Place your cursor at byte offset 950 in the hex window and delete the remaining characters. The file size of the recovered file and the original should match. Once they do, be sure to compare the hashes. Question 6: You may not want to delete this extra data without giving it some attention first. What may be useful about this data? You should recognize the extra data as being the slack of the file you are recovering. Recall from Lab 2 that slack space proves to sometimes contain useful evidence. Recovering Files in Contiguous Blocks Step 6 You have recovered two files that were contained in a single block. Larger files will obviously be spread across multiple blocks. Question 7: Determine the location of file03 in the image.dd file. How did Prepared by Regis Cassidy Sandia National Laboratories Page 5

6 you do this and what block number did you find? Analyzing the results.grep file you find that the first occurrence of the string file03 is at byte offset Divide this by the block size, 1024, to get a block offset of 14 in the.dls file. Use dcalc to convert this to the block found in image.dd # dcalc -f linux-ext2 -u 14 /mnt/recover/lab3/image.dd File03 is found at block number 272 in the image.dd file. Question 8: Notice the filesize of file03 in fileinfo.txt. What can you determine about this file that will be useful for recovering this file? File03 is 2000 bytes long which is larger then the block size. This file will be associated with two blocks and both those blocks will need to be extracted. dcat allows you to specify the number of data units (blocks) to extract. Extracting multiple blocks will be done in consecutive order. Therefore, to recover an entire file in this manner, that file must exist on disk in contiguous blocks. Use dcat to extract file03. # dcat -f linux-ext2 /mnt/recover/lab3/image.dd unit_addr num NOTE: unit_addr is the block number you found and num is the number of blocks you determined the file uses. Don't forget to modify the file so that the filesize is correct. Compare the hashes. Recovering Files in Noncontiguous Blocks Step 7 Files will not always be on disk in contiguous blocks. Notice in your results.grep file that file04 is found at byte offset and again at offset Since the offsets are so far apart, it is a good indication that the file is fragmented. Question 9: How many blocks will file04 use? Use the results.grep file to determine how the file is fragmented. What blocks do you need to recover? Prepared by Regis Cassidy Sandia National Laboratories Page 6

7 File04 is 3030 bytes long according to the fileinfo.txt file. Therefore, this file will be located on three different blocks. By looking at the results.grep file it looks like there is one block worth of data starting at byte offset and two blocks worth of data starting at block Using dcalc you should find that file04 is located on blocks 274, 778 and 779. You are going to use dcat to extract file04 in parts. Question 10: How will you use dcat to extract all the blocks for file04? Name each part file04-p1, file04-p2, etc. (Hint: you should only have to use dcat two times to extract all the data blocks). # dcat -f linux-ext2 /mnt/recover/lab3/image.dd 274 > /mnt/recover/lab3/file04-p1 # dcat -f linux-ext2 /mnt/recover/lab3/image.dd > /mnt/recover/lab3/file04-p2 Once you have extracted all the blocks associated with file04 you are ready to piece them back together to form the entire file. The easiest method is using the linux cat command. # cat /mnt/recover/lab3/file04-p* > /mnt/recover/lab3/file04 Modify the file to fit the original filesize and compare hashes. Extra Credit: dd can be used for more then just imaging an entire disk. You can also use it to recover files. Show how you would use dd to recover file03. Construct your command so that you do not need to make any modifications to the file to make the filesize match. Use dd to write out a single byte at a time. You will need to skip to the byte offset that file03 is located at. Recall file03 is at block 272, so multiply this by 1024 to get the byte offset. #dd if=/mnt/recover/lab3/image.dd of=/mnt/recover/lab3/file03.dd bs=1 skip= count=2000 Recovery of a Non-plaintext File Step 8 Prepared by Regis Cassidy Sandia National Laboratories Page 7

8 The last file that exists on the image is a non-plaintext file. Parts of the file may be in plaintext, but it also contains binary data. It is very difficult, at the data unit layer, to recover these types of deleted files if they are noncontiguous on disk. Look at fileinfo.txt to view the filesize of file05. Do the math and you see that this file must exist across 22 blocks. File05 is a document that discusses a new type of Microsoft keyboard. Use grep to search for occurrences of keyboard. # grep keyboard /mnt/recover/lab3/image.unalloc.str The searchword keyboard is found at block 883 using dcalc. The entire text of the document can be viewed by looking at 3 blocks. # dcat -f linux-ext2 /mnt/recover/lab3/image.dd less However, you know from the filesize that this is not the entire document. The large filesize compared with the small amount of plaintext is a good indication the original file contains binary data. Also, if you didn't know the filesize, the fact that the plaintext starts in the middle of a block is also a good indication of preceding binary data. This file is noncontiguous on disk so it is very difficult to discover the blocks containing binary data associated with this file. A searchlist would be of little use. Here is a list of blocks associated with file05 : Direct Blocks: Indirect Blocks: Recall that an inode can list up to 12 blocks. The thirteenth block (11209 in this case) is used to point to the remaining blocks. Question 11: List the commands you would take to recover file05. # dcat -f linux-ext2 /mnt/recover/lab3/image.dd > /mnt/recover/lab3/file05-p1 # dcat -f linux-ext2 /mnt/recover/lab3/image.dd > /mnt/recover/lab3/file05-p2 Prepared by Regis Cassidy Sandia National Laboratories Page 8

9 # dcat -f linux-ext2 /mnt/recover/lab3/image.dd > /mnt/recover/lab3/file05-p3 # dcat -f linux-ext2 /mnt/recover/lab3/image.dd > /mnt/recover/lab3/file05-p4 # cat /mnt/recover/lab3/file05-p* > /mnt/recover/lab3/file05 Use khexedit to delete all characters at and after byte offset # cat /mnt/recover/lab3/fileinfo.txt # sha1sum /mnt/recover/lab3/file05 The sleuthkit tool file can be used determine the type of file. # file /mnt/recover/lab3/file05 Question 12: What type of file is file05? What type of useful information can be found in the other 19 blocks? File05 is a Microsoft Word Document. By looking at the other 19 blocks of this file you can determine what application and version number was used to create the file (MS Word v. 10 in this case), the owner's username (pmwatso) and so on. Using the Autopsy Forensic Browser Step 9 Autopsy is a web front end, written in perl, for the sleuthkit set of tools. Autopsy should be started from the command line using the -d option which specifies the working directory for autopsy. All log and output files from autopsy will be stored in this specified directory. Make an autopsy working directory # mkdir /mnt/recover/lab3/autopsy Start autopsy # autopsy -d /mnt/recover/lab3/autopsy Prepared by Regis Cassidy Sandia National Laboratories Page 9

10 The web address autopsy prints to the screen has been bookmarked in your browser. From your toolbar, launch the mozilla web browser. From the links bar start autopsy. The first part of setting up a case in autopsy may seem tedious, but can be important if working on a real case. Click 'New Case'. Name the case Lab3. Use your name for an investigator and click 'New Case' and then 'ok'. When you see the new case listed in the Case Gallery click the OK button. Next click 'Add Host'. The hostname is to keep record of what computer is used for doing the investigation. Enter 'vmware-forensics' in the host name field. Enter MST for the Timezone. Click 'Add Host'. Click 'Ok' and then 'Add Image'. The location is used to specify the image file. Enter /mnt/recover/lab3/image.dd. Keep the Import Method at symlink. Change the file system type to linux-ext2. Mount point should be set to /. Select 'Calculate the hash value for this image' and click 'Add Image'. Notice, autopsy calculates hashes using a md5sum so it will not match the image.sha1.txt. Click 'Ok' twice and you receive a toolbar in the top frame of the browser. Click the 'Image Details' button. Question 13: What command line tool can be used to generate the same output shown? Fsstat Next Click the 'Keyword Search' button. Here you can extract unallocated space as if you used dls at the command line. You can also extract strings from the entire image or just the dls file. You should be able to associate each of the buttons on this page with the tools you have already used on the command line. Extract strings from the image.dd file. Extract unallocated space to image.dls and then extract strings on that file. All output files from autopsy are saved to Prepared by Regis Cassidy Sandia National Laboratories Page 10

11 /mnt/recover/lab3/autopsy/lab3/vmware-forensics/output. You can now do a keyword search on either the original image or unallocated image. On the original image do a search for the string file03. Notice there is a match at blocks 272 and 273. This should be the same results you got on the command line earlier. Question 14: There was another match for file03 in allocated space. When viewing the contents of that block, what does it look like? What can you conclude from this about deleted files? The contents of this block look like a directory listing. Because you know that these files have been deleted you can conclude that on a ext2 file system, if a file is deleted, evidence of that file will remain associated with that directory. Next, click on the 'Data Unit' tab. For Fragment Number enter 272 and specify the number of fragments as two. The default view is in strings format. Experiment with the different views by clicking the links for ascii and hex. If this were a real case you would want to take careful notes of your findings. Click the 'Add Note' button. Type a note such as Found the beginning of the deleted file, file03 here. Close the window. Autopsy can be used to recover files as well. You should be back at the window where you are viewing fragments Click 'Export Contents'. Use the save dialog box to create a new directory /mnt/recover/lab3/autopsy/recovered. Save the file as file03 in the new directory. Question 15: What tool do you think autopsy is the frontend for that exports the contents of a data block? Is the file you exported an exact copy of the original and if not, why? 'Export Contents' is the frontend for dcat in autopsy. Because it is dcat, exported files will have sizes of full blocks. To recover the file in its original state the extra slack must be deleted. You will be exploring more of autopsy in future labs. You will also be learning how to recover files at the meta data layer which can make it possible to easily recover noncontiguous files. Prepared by Regis Cassidy Sandia National Laboratories Page 11

12 Step 10 It is very important to do these next steps so that the lab is properly set up for the person who uses the computer after you. Unmount any drives you mounted and shutdown the VMWare system. In VMWare, revert 'Linux - Forensics' back to the snapshot by clicking the 'Revert' button. From the c:\vmware-images\linux - Forensics\ directory remove all files beginning with 'Linux Forensics-Image'. Question 16: What are your comments and suggestions for this lab? Prepared by Regis Cassidy Sandia National Laboratories Page 12

Lab V: File Recovery: Data Layer Revisited

Lab V: File Recovery: Data Layer Revisited New Mexico Tech Digital Forensics Fall 2006 Lab V: File Recovery: Data Layer Revisited Objectives - Perform searches based on file headers - Data Carving with Foremost - Zip password recovery Procedures

More information

Lab I: Disk Imaging and Cloning

Lab I: Disk Imaging and Cloning New Mexico Tech Digital Forensics Fall 2006 Lab I: Disk Imaging and Cloning Objectives - Use VMWare and modify device configuration in a VMWare system - Image a drive to a file - Extract individual partitions

More information

Introduction to The Sleuth Kit (TSK) By Chris Marko. Rev1 September, 2005. Introduction to The Sleuth Kit (TSK) 1

Introduction to The Sleuth Kit (TSK) By Chris Marko. Rev1 September, 2005. Introduction to The Sleuth Kit (TSK) 1 Introduction to The Sleuth Kit (TSK) By Chris Marko Rev1 September, 2005 Introduction to The Sleuth Kit (TSK) 1 This paper provides an introduction to The Sleuth Kit (referred to as TSK herein), from Brian

More information

Digital Forensics Lecture 3. Hard Disk Drive (HDD) Media Forensics

Digital Forensics Lecture 3. Hard Disk Drive (HDD) Media Forensics Digital Forensics Lecture 3 Hard Disk Drive (HDD) Media Forensics Current, Relevant Topics defendants should not use disk-cleaning utilities to wipe portions of their hard drives before turning them over

More information

Forensic Imaging and Artifacts analysis of Linux & Mac (EXT & HFS+)

Forensic Imaging and Artifacts analysis of Linux & Mac (EXT & HFS+) Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative

More information

Open Source Data Recovery

Open Source Data Recovery Open Source Data Recovery Options and Techniques CALUG MEETING October 2008 !! Disclaimer!! This presentation is not sponsored by any organization of the US Government I am here representing only myself

More information

winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR

winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR Supervised by : Dr. Lo'ai Tawalbeh New York Institute of Technology (NYIT)-Jordan X-Ways Software Technology AG is a stock corporation

More information

Digital Forensics For Unix. The SANS Institute

Digital Forensics For Unix. The SANS Institute Digital Forensics For Unix The SANS Institute John Green john@cybersecuritysciences.com Hal Pomeranz hal@deer-run.com 1 1 Forensics in a Nutshell Evidence seizure Investigation and analysis Reporting results

More information

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC Digital Forensics Tom Pigg Executive Director Tennessee CSEC Definitions Digital forensics Involves obtaining and analyzing digital information as evidence in civil, criminal, or administrative cases Analyze

More information

Where is computer forensics used?

Where is computer forensics used? What is computer forensics? The preservation, recovery, analysis and reporting of digital artifacts including information stored on computers, storage media (such as a hard disk or CD-ROM), an electronic

More information

X-Ways Software Technology AG. WinHex. Clearing Computer Media. Instructions

X-Ways Software Technology AG. WinHex. Clearing Computer Media. Instructions X-Ways Software Technology AG WinHex Clearing Computer Media Instructions 1 Introduction This paper discusses how to clear or sanitize magnetic storage media using the WinHex software (http://www.winhex.com/winhex/)

More information

Digital Forensics Tutorials Acquiring an Image with Kali dcfldd

Digital Forensics Tutorials Acquiring an Image with Kali dcfldd Digital Forensics Tutorials Acquiring an Image with Kali dcfldd Explanation Section Disk Imaging Definition Disk images are used to transfer a hard drive s contents for various reasons. A disk image can

More information

Creating Student e-mail List from Agresso

Creating Student e-mail List from Agresso Creating Student e-mail List from Agresso Contents 1. Extracting Class email addresses... 1 2. Distribution list... 4 3. Sending mass e-mail to students... 7 1. Extracting Class email addresses 1. In Agresso

More information

MICROSOFT EXCEL 2011 MANAGE WORKBOOKS

MICROSOFT EXCEL 2011 MANAGE WORKBOOKS MICROSOFT EXCEL 2011 MANAGE WORKBOOKS Last Edited: 2012-07-10 1 Open, create, and save Workbooks... 3 Open an existing Excel Workbook... 3 Create a new Workbook... 6 Save a Workbook... 6 Set workbook properties...

More information

StarWind iscsi SAN Software: Implementation of Enhanced Data Protection Using StarWind Continuous Data Protection

StarWind iscsi SAN Software: Implementation of Enhanced Data Protection Using StarWind Continuous Data Protection StarWind iscsi SAN Software: Implementation of Enhanced Data Protection Using StarWind Continuous Data Protection www.starwindsoftware.com Copyright 2008-2011. All rights reserved. COPYRIGHT Copyright

More information

GOOGLE DOCS APPLICATION WORK WITH GOOGLE DOCUMENTS

GOOGLE DOCS APPLICATION WORK WITH GOOGLE DOCUMENTS GOOGLE DOCS APPLICATION WORK WITH GOOGLE DOCUMENTS Last Edited: 2012-07-09 1 Navigate the document interface... 4 Create and Name a new document... 5 Create a new Google document... 5 Name Google documents...

More information

Determining VHD s in Windows 7 Dustin Hurlbut

Determining VHD s in Windows 7 Dustin Hurlbut Introduction Windows 7 has the ability to create and mount virtual machines based upon launching a single file. The Virtual Hard Disk (VHD) format permits creation of virtual drives that can be used for

More information

Working with Macros. Writing a Macro

Working with Macros. Writing a Macro Working with Macros 1 Working with Macros THE BOTTOM LINE A macro is a sequence of keystrokes or mouse commands saved together that can be performed by issuing a single command. When working in Word, you

More information

BackTrack Hard Drive Installation

BackTrack Hard Drive Installation BackTrack Hard Drive Installation BackTrack Development Team jabra [at] remote-exploit [dot] org Installing Backtrack to a USB Stick or Hard Drive 1 Table of Contents BackTrack Hard Drive Installation...3

More information

How to install and use the File Sharing Outlook Plugin

How to install and use the File Sharing Outlook Plugin How to install and use the File Sharing Outlook Plugin Thank you for purchasing Green House Data File Sharing. This guide will show you how to install and configure the Outlook Plugin on your desktop.

More information

Using SQL Server Management Studio

Using SQL Server Management Studio Using SQL Server Management Studio Microsoft SQL Server Management Studio 2005 is a graphical tool for database designer or programmer. With SQL Server Management Studio 2005 you can: Create databases

More information

Forensically Determining the Presence and Use of Virtual Machines in Windows 7

Forensically Determining the Presence and Use of Virtual Machines in Windows 7 Forensically Determining the Presence and Use of Virtual Machines in Windows 7 Introduction Dustin Hurlbut Windows 7 has the ability to create and mount virtual machines based upon launching a single file.

More information

X-Ways Forensics. Quick Guide

X-Ways Forensics. Quick Guide X-Ways Forensics Quick Guide X-Ways Software Technology AG X-Ways Software Technology AG Carl-Diem-Str. 32 Agrippastr. 37-39 32257 Bünde 50676 Köln Germany Germany Web: http://www.x-ways.net E-mail: mail@x-ways.com

More information

Using. - Training Documentation -

Using. - Training Documentation - Using - Training Documentation - Table of Contents 1. Overview of Argos..1 2. Getting started.....1 Accessing Argos...1 Login to Argos... 1 Log-off.... 2 Password reset or change... 2 3. Understanding

More information

NovaBACKUP. User Manual. NovaStor / May 2014

NovaBACKUP. User Manual. NovaStor / May 2014 NovaBACKUP User Manual NovaStor / May 2014 2014 NovaStor, all rights reserved. All trademarks are the property of their respective owners. Features and specifications are subject to change without notice.

More information

Working with Office Applications and ProjectWise

Working with Office Applications and ProjectWise Working with Office Applications and ProjectWise The main Microsoft Office Applications (Word, Excel, PowerPoint and Outlook) are all integrated with ProjectWise. These applications are aware that ProjectWise

More information

SPHOL207: Database Snapshots with SharePoint 2013

SPHOL207: Database Snapshots with SharePoint 2013 2013 SPHOL207: Database Snapshots with SharePoint 2013 Hands-On Lab Lab Manual This document is provided as-is. Information and views expressed in this document, including URL and other Internet Web site

More information

Autopsy. Autopsy is a front end to sluethkit 1.66 which has a series of software programs used to analyze computer hard drives.

Autopsy. Autopsy is a front end to sluethkit 1.66 which has a series of software programs used to analyze computer hard drives. Autopsy St. Louis Security Group 1/26/2004 University of Missouri at St. Louis West County Computer Center Clarence Johnson Clarence@johnsonct.net Autopsy is a front end to sluethkit 1.66 which has a series

More information

Time Stamp. Instruction Booklet

Time Stamp. Instruction Booklet Time Stamp Instruction Booklet Time Stamp Introductions Time stamp is a useful solution for backing up and restoring system, it backs up the entire computer system to the Backup Zone. Time Stamp is used

More information

Installing Oracle Enterprise Linux on VMware Workstation (Version 7.0.0 build-203739)

Installing Oracle Enterprise Linux on VMware Workstation (Version 7.0.0 build-203739) Installing Oracle Enterprise Linux on VMware Workstation (Version 7.0.0 build-203739) The Steps to Install OEL 4.7 on VMWare Workstation 7 is shown below Screen shot 1: This is the first and basic view

More information

Parallels Software International, Inc. Parallels Image Tool. User Guide

Parallels Software International, Inc. Parallels Image Tool. User Guide Parallels Software International, Inc. Parallels Image Tool User Guide (c) 2007 Copyright 2007 by Parallels Software International, Inc. All rights reserved. Parallels, Parallels logo, Compressor, and

More information

How to Copy A SQL Database SQL Server Express (Making a History Company)

How to Copy A SQL Database SQL Server Express (Making a History Company) How to Copy A SQL Database SQL Server Express (Making a History Company) These instructions are written for use with SQL Server Express. Check with your Network Administrator if you are not sure if you

More information

Appendix K Introduction to Microsoft Visual C++ 6.0

Appendix K Introduction to Microsoft Visual C++ 6.0 Appendix K Introduction to Microsoft Visual C++ 6.0 This appendix serves as a quick reference for performing the following operations using the Microsoft Visual C++ integrated development environment (IDE):

More information

How to Backup XenServer VM with VirtualIQ

How to Backup XenServer VM with VirtualIQ How to Backup XenServer VM with VirtualIQ 1. Using Live Backup of VM option: Live Backup: This option can be used, if user does not want to power off the VM during the backup operation. This approach takes

More information

Enhancing the SAS Enhanced Editor with Toolbar Customizations Lynn Mullins, PPD, Cincinnati, Ohio

Enhancing the SAS Enhanced Editor with Toolbar Customizations Lynn Mullins, PPD, Cincinnati, Ohio PharmaSUG 016 - Paper QT1 Enhancing the SAS Enhanced Editor with Toolbar Customizations Lynn Mullins, PPD, Cincinnati, Ohio ABSTRACT One of the most important tools for SAS programmers is the Display Manager

More information

Mesa DMS. Once you access the Mesa Document Management link, you will see the following Mesa DMS - Microsoft Internet Explorer" window:

Mesa DMS. Once you access the Mesa Document Management link, you will see the following Mesa DMS - Microsoft Internet Explorer window: Mesa DMS Installing MesaDMS Once you access the Mesa Document Management link, you will see the following Mesa DMS - Microsoft Internet Explorer" window: IF you don't have the JAVA JRE installed, please

More information

De La Salle University Information Technology Center. Microsoft Windows SharePoint Services and SharePoint Portal Server 2003 READER / CONTRIBUTOR

De La Salle University Information Technology Center. Microsoft Windows SharePoint Services and SharePoint Portal Server 2003 READER / CONTRIBUTOR De La Salle University Information Technology Center Microsoft Windows SharePoint Services and SharePoint Portal Server 2003 READER / CONTRIBUTOR User s Guide Microsoft Windows SharePoint Services and

More information

Bitrix Site Manager ASP.NET. Installation Guide

Bitrix Site Manager ASP.NET. Installation Guide Bitrix Site Manager ASP.NET Installation Guide Contents Introduction... 4 Chapter 1. Checking for IIS Installation... 5 Chapter 2. Using An Archive File to Install Bitrix Site Manager ASP.NET... 7 Preliminary

More information

1 Download & Installation... 4. 1 Usernames and... Passwords

1 Download & Installation... 4. 1 Usernames and... Passwords Contents I Table of Contents Part I Document Overview 2 Part II Document Details 3 Part III EventSentry Setup 4 1 Download & Installation... 4 Part IV Configuration 4 1 Usernames and... Passwords 5 2 Network...

More information

INASP: Effective Network Management Workshops

INASP: Effective Network Management Workshops INASP: Effective Network Management Workshops Linux Familiarization and Commands (Exercises) Based on the materials developed by NSRC for AfNOG 2013, and reused with thanks. Adapted for the INASP Network

More information

Linux in Law Enforcement

Linux in Law Enforcement Linux in Law Enforcement It's all about CONTROL Barry J. Grundy CALUG MEETING JUNE 2008 !! Disclaimer!! This presentation is not sponsored by any organization of the US Government I am here representing

More information

MS Access Lab 2. Topic: Tables

MS Access Lab 2. Topic: Tables MS Access Lab 2 Topic: Tables Summary Introduction: Tables, Start to build a new database Creating Tables: Datasheet View, Design View Working with Data: Sorting, Filtering Help on Tables Introduction

More information

User's Guide. Using RFDBManager. For 433 MHz / 2.4 GHz RF. Version 1.23.01

User's Guide. Using RFDBManager. For 433 MHz / 2.4 GHz RF. Version 1.23.01 User's Guide Using RFDBManager For 433 MHz / 2.4 GHz RF Version 1.23.01 Copyright Notice Copyright 2005 Syntech Information Company Limited. All rights reserved The software contains proprietary information

More information

The SyncBack Management System

The SyncBack Management System The SyncBack Management System An Introduction to the SyncBack Management System The purpose of the SyncBack Management System is designed to manage and monitor multiple remote installations of SyncBackPro.

More information

NAND Flash Memories. Using Linux MTD compatible mode. on ELNEC Universal Device Programmers. (Quick Guide)

NAND Flash Memories. Using Linux MTD compatible mode. on ELNEC Universal Device Programmers. (Quick Guide) NAND Flash Memories Using Linux MTD compatible mode on ELNEC Universal Device Programmers (Quick Guide) Application Note April 2012 an_elnec_linux_mtd, version 1.04 Version 1.04/04.2012 Page 1 of 16 As

More information

Context-sensitive Help Guide

Context-sensitive Help Guide MadCap Software Context-sensitive Help Guide Flare 11 Copyright 2015 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software described in this

More information

Macintosh General Help

Macintosh General Help The Macintosh computers on campus use Mac Operating System 10.6. OS 10.6 differs in many ways from what is now called the classic OS 9. This help sheet will help you to better orient yourself with these

More information

Automate tasks with Visual Basic macros

Automate tasks with Visual Basic macros Automate tasks with Visual Basic macros If you're not familiar with macros, don't let the term frighten you. A macro is simply a recorded set of keystrokes and instructions that you can use to automate

More information

Smart Web. User Guide. Amcom Software, Inc.

Smart Web. User Guide. Amcom Software, Inc. Smart Web User Guide Amcom Software, Inc. Copyright Version 4.0 Copyright 2003-2005 Amcom Software, Inc. All Rights Reserved. Information in this document is subject to change without notice. The software

More information

Converting Microsoft Access 2002 to Pipe-Delimited ASCII Text Files

Converting Microsoft Access 2002 to Pipe-Delimited ASCII Text Files Converting Microsoft Access 2002 to Pipe-Delimited ASCII Text Files Using the Windows XP 2002 Professional Operating System with Service Pack 2 (SP2) Note: Participants must return local Address Lists

More information

Avaya Network Configuration Manager User Guide

Avaya Network Configuration Manager User Guide Avaya Network Configuration Manager User Guide May 2004 Avaya Network Configuration Manager User Guide Copyright Avaya Inc. 2004 ALL RIGHTS RESERVED The products, specifications, and other technical information

More information

Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers

Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers Brian Carrier Research Scientist @stake Abstract This paper uses the theory of abstraction layers to describe the purpose

More information

Making Database Backups in Microsoft Business Solutions Navision

Making Database Backups in Microsoft Business Solutions Navision Making Database Backups in Microsoft Business Solutions Navision MAKING DATABASE BACKUPS IN MICROSOFT BUSINESS SOLUTIONS NAVISION DISCLAIMER This material is for informational purposes only. Microsoft

More information

IBM Software Hadoop Fundamentals

IBM Software Hadoop Fundamentals Hadoop Fundamentals Unit 2: Hadoop Architecture Copyright IBM Corporation, 2014 US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

More information

XFT A Forensic Analysis Tool for the Microsoft Xbox Game Console

XFT A Forensic Analysis Tool for the Microsoft Xbox Game Console XFT A Forensic Analysis Tool for the Microsoft Xbox Game Console David Collins The Center of Excellence in Digital Forensics Department of Computer Science Sam Houston State University Abstract The array

More information

Hyper-V Protection. User guide

Hyper-V Protection. User guide Hyper-V Protection User guide Contents 1. Hyper-V overview... 2 Documentation... 2 Licensing... 2 Hyper-V requirements... 2 Windows Server 2012 Hyper-V support... 3 2. Hyper-V protection features... 3

More information

Introduction to UNIX and SFTP

Introduction to UNIX and SFTP Introduction to UNIX and SFTP Introduction to UNIX 1. What is it? 2. Philosophy and issues 3. Using UNIX 4. Files & folder structure 1. What is UNIX? UNIX is an Operating System (OS) All computers require

More information

Backing up AIR to Microsoft Windows

Backing up AIR to Microsoft Windows Backing up AIR to Microsoft Windows Dear Valued Customer, Avaya realizes the importance of your data and the significance of a backup and restore strategy for this data. To assist you in performing a backup

More information

User Guide Version 3.0

User Guide Version 3.0 User Guide Version 3.0 Page 2 of 12 Summary Contents 1 INTRODUCTION 3 1.1 WHAT IS FTP? 3 1.2 FTP REQUIRED INFO 3 2 FTP MANAGER 4 2.1 CREATING USERS IN FTP MANAGER 5 2.1.1 Creating a Username in FTP Manager

More information

MS WORD 2007 (PC) Macros and Track Changes Please note the latest Macintosh version of MS Word does not have Macros.

MS WORD 2007 (PC) Macros and Track Changes Please note the latest Macintosh version of MS Word does not have Macros. MS WORD 2007 (PC) Macros and Track Changes Please note the latest Macintosh version of MS Word does not have Macros. Record a macro 1. On the Developer tab, in the Code group, click Record Macro. 2. In

More information

Creating a Participants Mailing and/or Contact List:

Creating a Participants Mailing and/or Contact List: Creating a Participants Mailing and/or Contact List: The Limited Query function allows a staff member to retrieve (query) certain information from the Mediated Services system. This information is from

More information

Appendix A How to create a data-sharing lab

Appendix A How to create a data-sharing lab Appendix A How to create a data-sharing lab Creating a lab involves completing five major steps: creating lists, then graphs, then the page for lab instructions, then adding forms to the lab instructions,

More information

Creating Tables ACCESS. Normalisation Techniques

Creating Tables ACCESS. Normalisation Techniques Creating Tables ACCESS Normalisation Techniques Microsoft ACCESS Creating a Table INTRODUCTION A database is a collection of data or information. Access for Windows allow files to be created, each file

More information

Perceptive Intelligent Capture Solution Configration Manager

Perceptive Intelligent Capture Solution Configration Manager Perceptive Intelligent Capture Solution Configration Manager Installation and Setup Guide Version: 1.0.x Written by: Product Knowledge, R&D Date: February 2016 2015 Lexmark International Technology, S.A.

More information

How to Install Applications (APK Files) on Your Android Phone

How to Install Applications (APK Files) on Your Android Phone How to Install Applications (APK Files) on Your Android Phone Overview An Android application is stored in an APK file (i.e., a file named by {Application Name}.apk). You must install the APK on your Android

More information

In order to upload a VM you need to have a VM image in one of the following formats:

In order to upload a VM you need to have a VM image in one of the following formats: What is VM Upload? 1. VM Upload allows you to import your own VM and add it to your environment running on CloudShare. This provides a convenient way to upload VMs and appliances which were already built.

More information

Quick Start - Virtual Server idataagent (Microsoft/Hyper-V)

Quick Start - Virtual Server idataagent (Microsoft/Hyper-V) Page 1 of 19 Quick Start - Virtual Server idataagent (Microsoft/Hyper-V) TABLE OF CONTENTS OVERVIEW Introduction Key Features Complete Virtual Machine Protection Granular Recovery of Virtual Machine Data

More information

Software License Registration Guide

Software License Registration Guide Software License Registration Guide When you have purchased new software Chapter 2 Authenticating a License When you would like to use the software on a different PC Chapter 3 Transferring a License to

More information

Excel Companion. (Profit Embedded PHD) User's Guide

Excel Companion. (Profit Embedded PHD) User's Guide Excel Companion (Profit Embedded PHD) User's Guide Excel Companion (Profit Embedded PHD) User's Guide Copyright, Notices, and Trademarks Copyright, Notices, and Trademarks Honeywell Inc. 1998 2001. All

More information

Active @ UNDELETE Users Guide

Active @ UNDELETE Users Guide Active @ UNDELETE Users Guide Contents 2 Contents Legal Statement...5 Active@ UNDELETE Overview... 6 Getting Started with Active@ UNDELETE... 7 Active@ UNDELETE Views And Windows... 7 Recovery Explorer

More information

SOS SO S O n O lin n e lin e Bac Ba kup cku ck p u USER MANUAL

SOS SO S O n O lin n e lin e Bac Ba kup cku ck p u USER MANUAL SOS Online Backup USER MANUAL HOW TO INSTALL THE SOFTWARE 1. Download the software from the website: http://www.sosonlinebackup.com/download_the_software.htm 2. Click Run to install when promoted, or alternatively,

More information

Customer Success Story: Dragon Medical 360 Network Edition with Microsoft Application Virtualization

Customer Success Story: Dragon Medical 360 Network Edition with Microsoft Application Virtualization Customer Success Story: Dragon Medical 360 Network Edition with Microsoft Application Virtualization Contents Contents 2 Introduction 3 Hardware and Software Configurations 3 Dragon Medical 360 Network

More information

EMC ViPR Controller Add-in for Microsoft System Center Virtual Machine Manager

EMC ViPR Controller Add-in for Microsoft System Center Virtual Machine Manager EMC ViPR Controller Add-in for Microsoft System Center Virtual Machine Manager Version 2.3 Installation and Configuration Guide 302-002-080 01 Copyright 2013-2015 EMC Corporation. All rights reserved.

More information

LESSON 4 - FILE MANAGEMENT

LESSON 4 - FILE MANAGEMENT LESSON 4 - FILE MANAGEMENT Objective Create a Folder Rename a Folder Create a folder structure Learn how to select files and folders Learn contiguous and non-contiguous selection Learn how to move or copy

More information

Fairfield University Using Xythos for File Sharing

Fairfield University Using Xythos for File Sharing Fairfield University Using Xythos for File Sharing Version 7.0 Table of Contents I: Manage your Department Folder...2 Your Department Folder... 2 II: Sharing Folders and Files Inside of Fairfield U...3

More information

IDS and Penetration Testing Lab ISA656 (Attacker)

IDS and Penetration Testing Lab ISA656 (Attacker) IDS and Penetration Testing Lab ISA656 (Attacker) Ethics Statement Network Security Student Certification and Agreement I,, hereby certify that I read the following: University Policy Number 1301: Responsible

More information

ACTIVE@ UNDELETE 7.0 USER GUIDE

ACTIVE@ UNDELETE 7.0 USER GUIDE ACTIVE@ UNDELETE 7.0 USER GUIDE COPYRIGHT Copyright 27, LSOFT TECHNOLOGIES INC. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative

More information

Import Filter Editor User s Guide

Import Filter Editor User s Guide Reference Manager Windows Version Import Filter Editor User s Guide April 7, 1999 Research Information Systems COPYRIGHT NOTICE This software product and accompanying documentation is copyrighted and all

More information

Chapter 4 Accessing Data

Chapter 4 Accessing Data Chapter 4: Accessing Data 73 Chapter 4 Accessing Data The entire purpose of reporting is to make sense of data. Therefore, it is important to know how to access data locked away in the database. In this

More information

II. Creating Your Website

II. Creating Your Website II. Creating Your Website In this part of Dazzle the Web with Dynamic Dreamweaver, we will learn the following skills: 1. Define a website 2. Create our home page 3. Add content to the home page 4. Format

More information

Hadoop Basics with InfoSphere BigInsights

Hadoop Basics with InfoSphere BigInsights An IBM Proof of Technology Hadoop Basics with InfoSphere BigInsights Part: 1 Exploring Hadoop Distributed File System An IBM Proof of Technology Catalog Number Copyright IBM Corporation, 2013 US Government

More information

Overview... 2. Customer Login... 2. Main Page... 2. VM Management... 4. Creation... 4 Editing a Virtual Machine... 6

Overview... 2. Customer Login... 2. Main Page... 2. VM Management... 4. Creation... 4 Editing a Virtual Machine... 6 July 2013 Contents Overview... 2 Customer Login... 2 Main Page... 2 VM Management... 4 Creation... 4 Editing a Virtual Machine... 6 Disk Management... 7 Deletion... 7 Power On / Off... 8 Network Management...

More information

ESX System Analyzer Version 1.0 Installation Guide

ESX System Analyzer Version 1.0 Installation Guide ESX System Analyzer Version 1.0 Installation Guide Page 1 Table of Contents ESX System Analyzer Installation Guide 1. Installing ESX System Analyzer... 3 ESX System Analyzer Appliance Distribution... 3

More information

CTERA Agent for Linux

CTERA Agent for Linux User Guide CTERA Agent for Linux September 2013 Version 4.0 Copyright 2009-2013 CTERA Networks Ltd. All rights reserved. No part of this document may be reproduced in any form or by any means without written

More information

Backup Assistant. User Guide. NEC NEC Unified Solutions, Inc. March 2008 NDA-30282, Revision 6

Backup Assistant. User Guide. NEC NEC Unified Solutions, Inc. March 2008 NDA-30282, Revision 6 Backup Assistant User Guide NEC NEC Unified Solutions, Inc. March 2008 NDA-30282, Revision 6 Liability Disclaimer NEC Unified Solutions, Inc. reserves the right to change the specifications, functions,

More information

FTP Manager. User Guide. July 2012. Welcome to AT&T Website Solutions SM

FTP Manager. User Guide. July 2012. Welcome to AT&T Website Solutions SM July 2012 FTP Manager User Guide Welcome to AT&T Website Solutions SM We are focused on providing you the very best web hosting service including all the tools necessary to establish and maintain a successful

More information

Plesk 8.3 for Linux/Unix Acronis True Image Server Module Administrator's Guide

Plesk 8.3 for Linux/Unix Acronis True Image Server Module Administrator's Guide Plesk 8.3 for Linux/Unix Acronis True Image Server Module Administrator's Guide Revision 1.0 Copyright Notice ISBN: N/A SWsoft. 13755 Sunrise Valley Drive Suite 600 Herndon VA 20171 USA Phone: +1 (703)

More information

Symantec PGP Whole Disk Encryption Hands-On Lab V 3.7

Symantec PGP Whole Disk Encryption Hands-On Lab V 3.7 Symantec PGP Whole Disk Encryption Hands-On Lab V 3.7 Description This hands-on lab session covers the hard drive encryption technologies from PGP. Students will administer a typical Whole Disk Encryption

More information

NetWrix Server Configuration Monitor

NetWrix Server Configuration Monitor NetWrix Server Configuration Monitor Version 2.2 Quick Start Guide Contents NetWrix Server Configuration Monitor Quick Start Guide 1. INTRODUCTION... 3 1.1 KEY FEATURES... 3 1.2 LICENSING... 4 1.3 HOW

More information

Evaluator s Guide. PC-Duo Enterprise HelpDesk v5.0. Copyright 2006 Vector Networks Ltd and MetaQuest Software Inc. All rights reserved.

Evaluator s Guide. PC-Duo Enterprise HelpDesk v5.0. Copyright 2006 Vector Networks Ltd and MetaQuest Software Inc. All rights reserved. Evaluator s Guide PC-Duo Enterprise HelpDesk v5.0 Copyright 2006 Vector Networks Ltd and MetaQuest Software Inc. All rights reserved. All third-party trademarks are the property of their respective owners.

More information

IN THE WORKSHOP Tip #14

IN THE WORKSHOP Tip #14 IN THE WORKSHOP Tip #14 Smart Grid tools accelerate your component creation Summary May 2007 Author: Phil Loughhead Component creation is a fundamental part of the design process, and must be done accurately.

More information

Dual-boot Windows 10 alongside Windows 8

Dual-boot Windows 10 alongside Windows 8 Most of the people are very much interested to install the newly launched Operating System Windows 10 on their devices. But, it is not recommended to directly use Windows 10 as the primary OS because it

More information

Lab 20: Cryptography

Lab 20: Cryptography CompTIA Security+ Lab Series Lab 20: Cryptography CompTIA Security+ Domain 6 - Cryptography Objective 6.1: Summarize General Cryptography Concepts Document Version: 2013-08-02 Organization: Moraine Valley

More information

Forensic Investigator. Module XI Linux Forensics

Forensic Investigator. Module XI Linux Forensics Computer Hacking Forensic Investigator Module XI Linux Forensics Module Objective This module will familiarize you with the following: Use of Linux as a forensic tool. Recognizing partitions in Linux.

More information

Lukas Limacher Department of Computer Science, ETH. Computer Forensics. September 25, 2014

Lukas Limacher Department of Computer Science, ETH. Computer Forensics. September 25, 2014 Lukas Limacher Department of Computer Science, ETH Zürich Computer Forensics September 25, 2014 Contents 9 Computer Forensics 1 91 Objectives 1 92 Introduction 2 921 Incident Response 2 922 Computer Forensics

More information

Virtual Hard Disk Forensics Using EnCase

Virtual Hard Disk Forensics Using EnCase Virtual Hard Disk Forensics Using EnCase Randy Nading, EnCE Security+ Computer Forensic Analyst, Jacobs Technology www.encase.com/ceic Agenda I. Virtual Hard Disks (VHDs) as Evidence Containers Hands On

More information

Technote 20 Using MSIE to FTP into an AcquiSuite

Technote 20 Using MSIE to FTP into an AcquiSuite Technote 20 Using MSIE to FTP into an AcquiSuite Author: Stephen Herzog This document discusses the use of Microsoft Internet Explorer to FTP into the AcquiSuite. Other browsers such as Firefox should

More information

Recording Supervisor Manual Presence Software

Recording Supervisor Manual Presence Software Presence Software Version 9.2 Date: 09/2014 2 Contents... 3 1. Introduction... 4 2. Installation and configuration... 5 3. Presence Recording architectures Operating modes... 5 Integrated... with Presence

More information

AccXES Account Management Tool Administrator s Guide Version 10.0

AccXES Account Management Tool Administrator s Guide Version 10.0 AccXES Account Management Tool Administrator s Guide Version 10.0 701P41531 May 2004 Trademark Acknowledgments XEROX, AccXES, The Document Company, and the identifying product names and numbers herein

More information

SHAREPOINT 2010 FOUNDATION FOR END USERS

SHAREPOINT 2010 FOUNDATION FOR END USERS SHAREPOINT 2010 FOUNDATION FOR END USERS WWP Training Limited Page i SharePoint Foundation 2010 for End Users Fundamentals of SharePoint... 6 Accessing SharePoint Foundation 2010... 6 Logging in to your

More information