
Wednesday, August 29, 2012

Auto Scroll to down/bottom problem in Windows

The Problem: Whenever you double-click a folder, an MS Word/Excel document or Task Manager, the window automatically scrolls down to the bottom. You also have trouble adjusting volume bars and combo boxes.

Windows: The problem is found on Windows Vista/Win 7 ... on both desktops and laptops.

Solution: If all other features of your Windows are working properly, then it is not the outcome of a virus infection. There may be a problem with the mouse (wired/wireless). The following steps may help you:
1. Clean your Mouse.
2. Go to Control Panel > Device Manager and navigate to your USB or Synaptic PS2 Mouse ("Mice and other pointing devices"). Right click and go to Driver tab, click Uninstall button to un-install the Driver.
3. Restart your system. Windows will automatically detect the mouse and install its driver. On successful installation the mouse should work properly and the auto-scroll-to-bottom problem should vanish.

4. If on restart your system offers Restart Now/Restart Later options, and the problem persists after restarting, then the best option is to replace your mouse. As a temporary measure you can do the following:
 i) Repeat Step 2.
 ii) On restart, if your system offers Restart Now/Restart Later options, select 'Restart Later' and keep working normally. When turning the system off, use the Hibernate option. The state will stay preserved, and you won't get the restart message or the auto-scroll-to-bottom problem.

Monday, August 27, 2012

Keepvid not working on Ubuntu Linux!! Java Applets are not working on Ubuntu Linux (Mozilla Firefox, Google Chromium Browsers)!!

Keepvid is one of the popular websites which allow downloading and saving videos directly from YouTube, Google, Metacafe etc.

The website uses Java Applet for fetching and saving videos. Java Applets are also used by several Commercial, Financial and Online Game websites. For running Java Applets, your browser should have Java Plugins installed.

It has been found that the default Ubuntu installation does not provide Java Plugin support for browsers (Mozilla and Chromium). To install a Java Plugin, open Ubuntu Software Center (Synaptic Package Manager), search for 'java' and install a Java Plugin, then restart your browser. It should work!!

Saturday, August 25, 2012

Computer Forensics/Digital Forensics: using EnCase! Basic Steps & some Tips!

Computer forensics is very similar to a post-mortem examination for finding the reasons of death. The differences are:

1. Here you have a Computer/Router/Switch/Firewall/IDS/Hard Disk/CD/USB/Floppy/Windows Event logs/Proxy server logs/DHCP server logs/Mobile phone/Camera Flash Memory in place of a human body.
2. In place of finding reasons of “Death”, we try to:
  • Track down the author of a threatening email. (by a psychopath or a terrorist)
  • Recover files intentionally deleted by a disgruntled employee.
  • Determine the root cause of a computer compromise. (hacker)
In-house Computer Forensics/Digital Forensics

In-house Computer Forensics/Digital Forensics capabilities are a must for companies and enterprises. They help in investigating data leak incidents, intellectual property and copyright thefts and other critical incidents. Companies dealing with sensitive customer information, like credit card numbers and other financial information, would not like to involve an outsider for computer forensics.

Different Tools Required for Forensics

At a minimum, you will need:
  • An acquisition tool to perform forensic duplications (back-up). Examples: FTK Imager (new name AccessData), EnCase (Windows-based GUI, LinEn or DOS boot); hardware: Logicube
  • Deleted data recovery tool
  • Basic text search and manipulations/analysis tools
  • A data integrity verification tool
  • Complete packages such as EnCase, the NTI suite, and The Coroner's Toolkit (TCT) offer support and court-proven solutions for the computer forensic analyst.
  • Certification programs from organizations like SANS
Locations where digital evidence may be found include the following:
  • The suspect's machine
  • In the case of a hacking incident, the target machine
  • Switches, routers, firewalls, and other network devices
  • Log servers (proxy logs, DHCP logs, and Windows event logs)
  • Media (floppy disks, CD-Rs, CompactFlash cards)
  • Other electronic devices (PDAs, cell phones, digital cameras)

EnCase is a Computer Forensics/Digital Forensics tool from Guidance Software. It includes tools for data acquisition, deleted data recovery, search & analysis and integrity verification.

Encase Forensics

Here are some basic steps for carrying out Computer Forensics using EnCase:

1. Assume we need to do forensic analysis of a compromised/crime-suspected computer.

2. A computer has several components on which Computer Forensics can be carried out, such as the Disk Drive (DD), RAM, USB storage devices, etc. Here, we will focus on the Disk Drive only.

3. Data Acquisition: The first step of a Computer Forensics investigation is the acquisition of the evidence, that is, obtaining a bit-wise replica of the disk drive without compromising its integrity. To ensure the integrity of the disk drive, all write operations must be blocked while imaging. For this, a combination of acquisition/imaging software such as EnCase or FTK Imager and a hardware-based write-blocker bridge such as Tableau Bridge can be used.

Common Forensics Acquired File Formats are:

a) DD /RAW (“Disk Dump”)

b) AFF (Advanced Forensic Format)

c) E01 (EnCase)

To acquire an image with EnCase and Tableau Bridge:

1. Shut down the crime-suspected computer. Disconnect the target disk drive from it and connect the drive to the EnCase host system through the Tableau Bridge in Read-Only mode.

2. Open EnCase and create a new Case. Click Add Device and navigate to the target disk drive through the ‘Local Drives’ icon. Acquire an image of the disk drive by right-clicking it and choosing ‘Acquire’.

3. The image is stored in EnCase format chunks: E01, E02, E03, ... etc.

Note: EnCase for DOS Utility (DOS based) and EnCase LinEn Utility (Linux based) are available in the form of bootable disks. The crime-suspected computer can be shut down and rebooted from these bootable disks. These bootable disks allow acquisition of data with a software-based write-blocker.

4. Data Verification: At the completion of the acquisition process, EnCase calculates an MD5 hash. The hash value is written into the evidence file. When we add an evidence file to a case, the CRC value is automatically verified and the hash value for the evidence data is recomputed. This helps to ensure that the evidence file has not changed since it was acquired.

Note: To recompute the hash value of the image, right click on the image, and select Hash.

If you have been provided with a raw image (example: a DD-format disk image created through FTK Imager), with or without its hash value, then you can compute the hash value with the md5deep.exe utility from www. for future reference:

md5deep -e filename-dd.001
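
An added example, not part of the original post and not EnCase or md5deep code: recomputing the hash of a raw image so it can be compared with the value recorded at acquisition. It assumes FTK Imager-style segment names (filename-dd.001, .002, ...) and reads all segments as one stream, because hashing only the .001 file of a split image covers just that segment; the function names are hypothetical and SHA-256 is computed in addition to the MD5 the post uses.

```python
import hashlib
import re
from pathlib import Path

CHUNK = 1024 * 1024  # stream 1 MiB at a time; images are far larger than RAM


def image_segments(first_segment):
    """List the segments of a split raw image (.001, .002, ...) in order."""
    first = Path(first_segment)
    m = re.fullmatch(r"(.+)\.(\d{3})", first.name)
    if not m:
        return [first] if first.is_file() else []
    stem, start = m.group(1), int(m.group(2))
    pat = re.compile(re.escape(stem) + r"\.(\d{3})")
    nums = sorted(int(s.group(1)) for p in first.parent.iterdir()
                  if (s := pat.fullmatch(p.name)))
    # A missing middle segment would silently change the hash, so refuse it.
    if nums != list(range(start, start + len(nums))):
        raise ValueError(f"segments not contiguous from .{start:03d}: {nums}")
    return [first.with_name(f"{stem}.{n:03d}") for n in nums]


def verify_image(first_segment, recorded_md5=None):
    """Hash all segments as one logical image and compare with the recorded MD5."""
    segments = image_segments(first_segment)
    if not segments:
        raise FileNotFoundError(first_segment)
    md5, sha256, total = hashlib.md5(), hashlib.sha256(), 0
    for seg in segments:
        with open(seg, "rb") as fh:
            while chunk := fh.read(CHUNK):
                md5.update(chunk)
                sha256.update(chunk)
                total += len(chunk)
    match = None if recorded_md5 is None else (
        md5.hexdigest() == recorded_md5.strip().lower())
    return {"segments": len(segments), "bytes": total, "match": match,
            "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed two-segment image
        Path(d, "filename-dd.001").write_bytes(b"\x00" * 4096)
        Path(d, "filename-dd.002").write_bytes(b"evidence" * 64)
        print(verify_image(Path(d, "filename-dd.001")))
```

Record the returned values in the case notes; a `match` of `False` means the image differs from what was acquired.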

5. Now, Open EnCase and create your Case

6. If you have a raw image, go to the File menu and select “Add Raw Image”; if you have EnCase evidence images, select the option to add EnCase evidence files.

7. Select the type of image as shown in the above image, for example: Disk.

8. Deleted files recovery: EnCase allows for the analysis of data located at various locations on the disk image, such as unallocated space and slack space. With the use of multiple file viewers, files can be quickly searched and identified. EnCase can also recover remnants of deleted or partially overwritten files.

9. Adding Keywords: EnCase provides a search engine to locate information anywhere on the disk image. It is recommended to create a keyword list prior to beginning the case. Starting the search: EnCase also allows GREP (regular expression) search expressions. We can set keywords by choosing View > Keywords from the main menu.

Search Hits can be found by selecting Cases > Search Hits.

10. By right-clicking and selecting Bookmark, important findings can be bookmarked. The bookmarked data can be accessed directly at Cases > Bookmarks
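
The keyword search of step 9, as an added example that is not part of the original post and not EnCase code: it scans a raw image as plain bytes rather than through the file system, so hits in unallocated or slack space are reported with their byte offsets. It goes beyond the post by also matching each keyword in UTF-16LE, and it uses Python's regular-expression syntax as a stand-in for EnCase GREP; the function names and the sample data are constructed.

```python
import re


def build_patterns(keywords, grep=()):
    """Compile keywords (case-insensitive, ASCII or UTF-16LE) and GREP expressions."""
    patterns = {}
    for kw in keywords:
        ascii_form = re.escape(kw.encode("ascii"))
        utf16_form = re.escape(kw.encode("utf-16-le"))
        patterns[kw] = re.compile(ascii_form + b"|" + utf16_form, re.IGNORECASE)
    for expr in grep:  # Python regex syntax, standing in for EnCase GREP
        patterns[expr] = re.compile(expr.encode("ascii"))
    return patterns


def search_image(path, patterns, chunk_size=1 << 20, overlap=256):
    """Return sorted (byte_offset, label, matched_bytes) hits from a raw image."""
    hits, done = [], dict.fromkeys(patterns, 0)
    with open(path, "rb") as fh:
        base, buf = 0, b""  # base = image offset of buf[0]
        while True:
            chunk = fh.read(chunk_size)
            buf += chunk
            # Hold back the last `overlap` bytes until more data arrives, so a hit
            # split across two reads is matched whole (hits longer than `overlap`
            # can still be cut). On the final pass scan everything.
            limit = len(buf) if not chunk else max(len(buf) - overlap, 0)
            for label, pat in patterns.items():
                for m in pat.finditer(buf):
                    start = base + m.start()
                    if m.start() < limit and start >= done[label]:
                        hits.append((start, label, m.group()))
                        done[label] = base + m.end()
            if not chunk:
                break
            base, buf = base + limit, buf[limit:]
    return sorted(hits)


if __name__ == "__main__":
    import os, tempfile
    # Constructed sample: no file system, just bytes, as in unallocated space.
    data = b"\x00" * 60 + b"PassWord" + b"\x00" * 100 + "invoice".encode("utf-16-le")
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
    for hit in search_image(tmp.name, build_patterns(["password", "invoice"]), 64, 16):
        print(hit)
    os.remove(tmp.name)
```

Run it against a working copy of the image, never the original evidence, and note the offsets of relevant hits alongside the bookmarks.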

Here are some tips for using EnCase:
  1. Installation: if after installation of EnCase you find no "Add Raw Image" option in the File menu, then probably your HASP dongle drivers could not install properly. Check this and install them from the CD.
  2. Avoid running EnCase on an image located on a USB HDD. You may get performance-related issues and frequent EnCase hangs. It is better to first copy the image to your local SATA/IDE HDD.
  3. filename-dd.001: this is a raw image made by FTK Imager. To do EnCase forensics on this raw image, go to the File menu and select "Add Raw Image". Then select the Image Type as Disk, as shown in the image below. Do not select the default, 'None'; it will not show directories/folders graphically. Note: It may take several minutes to load the directory structure, so have patience.
  4. You can switch from Table view to Disk view. It gives a good idea of file chunks.
  5. You can save your Case at every step of the forensics.
  6. IP Address is a very good online DNS tools collection. Its Blacklist tab shows whether the IP/site is blacklisted or not.