Saya sudah pernah membahas Recovery Files menggunakan Scalpel. Anda dapat melihatnya di sini : http://digitoktavianto.web.id/recovery-file-yang-terhapus-recovery-deleted-files.html. Kali ini saya akan membahas menggunaka software yang berbeda, yaitu Foremost.

Foremost adalah salah satu tools yang powerful yang berguna untuk recovery file yang terhapus / mengembalikan data yang terhapus. Pada awalnya Foremost merupakan software yang di develop oleh militer US (Air Force Office of Special Investigation). Foremost merupakan salah satu tools favorit di bidang digital forensic, terutama dalam hal data carving. Kemampuan Foremost dalam mengembalikan data yang sudah terhapus sudah diakui kehebatannya.

Foremost merupakan aplikasi berbasis console yang melakukan recovery file berdasarkan header file, footer file, data struktur data. Foremost dapat bekerja pada image file (.iiso, dll), seperti yang dihasilkan oleh dd, Safeback, Encase, dll, atau langsung pada drive.

Berikut ini step by step instalasi dan penggunaan foremost. Perlu di ketahui Environment OS yang saya gunakan adalah Ubuntu. Bagi anda pengguna Distro lain dapat mendownload file source dan melakukan kompilasi / build file source tersebut.

1. Instalasi foremost

    digit@digit-laptop:~$ sudo apt-get install foremost
   

2. Mengecek partisi kita, dan mencari tahu di bagian partisi mana file-file yang akan kita recover

    digit@digit-laptop:~$ sudo fdisk -l
   

3. Foremost men-support file-file berikut ini untu di recover :

   jpg, gif, png, bmp, avi, exe, mpg, wav, riff, wmv, mov, pdf, ole, doc, zip, rar, htm, cpp, office documents

   Jika file-file yang anda selamatkan tidak ada dalam list file yang di support oleh foremost, tenang saja, anda tetap dapat menambahkannya dalam konfigurasi foremost di /etc/foremost.conf

    digit@digit-laptop:~$ sudo nano /etc/foremost.conf
   

   Format menambahkan file yang ingin di recover oleh foremost adalah :

    #extension   case sensitive size    header  footer
   

   Misalkan saya ingin menambahkan file gzip yang ingin saya selamatkan, maka saya menambahkan sbb :

    gzip  y  1500000  \x1f\x8b\x08
   

   Jika anda tidak mengetahui header atau file type signature, anda bisa mengunjungi web berikut untuk mengetahui jenis ekstensi file beserta header nya :

   http://www.garykessler.net/library/file_sigs.html

4. Percobaan recovery file :

    digit@digit-laptop:~$ sudo foremost -t <tipe file> -i <partisi anda>
   

   Misalnya anda ingin menyelamatkan data yang berada di partisi /dev/sda3 (Lihat partisi dengan menggunakan step nomor 2)

    digit@digit-laptop:~$ sudo foremost -t jpg -i /dev/sda3
   

   Perintah di atas akan melakukan recovery data dengan ekstensi file / type file jpg (gambar, dimana file tersebut berlokasi di /dev/sda3.

5. Output hasil recovery data secara default berada di /home/useranda/output. Secara default folder output tesebut memiliki ownership root, silakan anda dubah menjadi ownership user anda sendiri

    digit@digit-laptop:~$ sudo chown -R user:user /home/user/output
   

   Jika anda ingin menspesifikkan dimana anda ingin menaruh output file anda, silakan gunakan perintah ini :

    digit@digit-laptop:~$ sudo foremost -t jpg -i /dev/sda3 -o /home/backup/
   

6. Jika anda hanya ingin mencari file yang telah terhapus / terformat, anda dapat menggunakan perintah ini :

    digit@digit-laptop:~$ sudo foremost -t gif,pdf -i /dev/sda3
   

   Mencari Office Dokumen :

    digit@digit-laptop:~$ sudo foremost -t ole -i /dev/sda3
   

   Mencari seluruh ekstensi / file type dokumen :

    digit@digit-laptop:~$ sudo foremost -t all -i /dev/sda3
   

   Bagi anda yang menggunakan distribusi Linux yang berbeda, anda dapat mengcompile Foremost dari source. Source file Foremost dapat anda download dari sini :

   http://foremost.sourceforge.net/pkg/foremost-1.5.7.tar.gz

Selamat Mencoba :D

Halo teman. Saya ingin memberikan informasi mengenai adanya Webinar Malware Analysis. Webinar ini diselenggarakan oleh BrithtTalk. Kebetulan saya register Channel IT Security pada BrightTalk Webcast, sehingga saya mendapatkan informasi mengenai adanya Webinar Malware Analysis. Bagi Teman-teman yang bergelut di bidang Malware Analysis, Reverse Engineering, mungkin saja tertarik mengikuti Event Webinar Malware ANalysis ini. Untuk informasi lebih lengkapnya saya copy paste detail event nya dari Website BrightTalk :

http://www.brighttalk.com/webcast/288/48053

Title : Malware Analysis, Let the COmputer Do the Work!

Presenter : Thomas J. QUinian, Malware Researcher

Scheduled Time : Jun 20 2012 8.00 pm Duration : 45 mins

Synopsis :

Malware analysts spend a lot of time alayzing code and looking for indicators of comparisons from advanced persistent threats and even for the most seasoned analyssts the volume of analysis can be prohobitive. In today’s environment malware analysts ned to leverage automated tools to power through large volumes of sample code and quickly receive valuable threat summaries.

Letting the computers do the work allows the analysts to quickly identify files of greatest concern, and focus on remediating especially pernicious attacks. Malicious behaviour can now be right down to the kernel level giving a complete picture of how your network was targeted by a spesific cyber threat.

To attend this event please click : http://www.brighttalk.com/webcast/288/48053

Hai all, kali ini saya ingin berbagi mengenai streaming cloud music menggunakan Nuvola Player. Sayang nya Nuvola Player saat ini hanya tersedia untuk Linux Platform saja.

Mungkin diantara teman-teman sudah tidak asing lagi mengenai layanan cloud music. Banyak provider yang menawarkan layanan ini mulai dari yang berbayar ataupun yang gratis.

Beberapa cloud music provider yang terkenal diantaranya adalah Google Music (saat ini hanya bisa di akses dari US), Amazon Cloud Music, GrooveShark, dll. Untuk melihat komparasi antar layanan cloud music, anda dapat melihat review dari lifehacker disini :

http://lifehacker.com/5812138/cloud-music-comparison-whats-the-best-service-for-streaming-your-library-everywhere

Oke saya akan melanjutkan bagaimana instalasi Nuvola Player. Environment OS yang saya gunakan saat ini adalah Ubuntu 10.04. Bagi anda yang menggunakan distro berbeda, jangan khawatir karena Nuvola Player menyediakan source yang bisa anda build sendiri. :). Berikut ini step by step nya :

1. Tambahkan repository PPA Nuvola Player pada file /etc/apt/sources.list anda :

   digit@digit-laptop:~$ sudo nano /etc/apt/sources.list

   Lalu tambahkan baris ini Bagi anda pengguna Ubuntu 10.04 :

   deb http://ppa.launchpad.net/nuvola-player-builders/stable/ubuntu lucid main deb-src http://ppa.launchpad.net/nuvola-player-builders/stable/ubuntu lucid main

   Bagi Pengguna Ubuntu 10.10 silakan tambahkan baris ini :

   deb http://ppa.launchpad.net/nuvola-player-builders/stable/ubuntu maverick main deb-src http://ppa.launchpad.net/nuvola-player-builders/stable/ubuntu maverick main

   Bagi pengguna Ubuntu 11.04 slakan tambahkan baris ini :

   deb http://ppa.launchpad.net/nuvola-player-builders/stable/ubuntu natty main deb-src http://ppa.launchpad.net/nuvola-player-builders/stable/ubuntu natty main

   Bagi pengguna Ubuntu 11.10 silakan tambahn baris ini :

   deb http://ppa.launchpad.net/nuvola-player-builders/stable/ubuntu oneiric main deb-src http://ppa.launchpad.net/nuvola-player-builders/stable/ubuntu oneiric main

   Bagi pengguna Ubuntu 12.04 silakan tambahkan baris ini :

   deb http://ppa.launchpad.net/nuvola-player-builders/stable/ubuntu precise main deb-src http://ppa.launchpad.net/nuvola-player- builders/stable/ubuntu precise main

2. Setelah anda menambahkan repository PPA di sources.list anda, silakan anda update sources.list anda, dan install Nuvola Player :

    digit@digit-laptop:~$ sudo apt-get update
   
    digit@digit-laptop:~$ sudo apt-get install nuvolaplayer
   

3. Finish. Sekarang anda bisa menggunakan Nuvola Player anda. Untuk step by step penggunaan silakan lihat Screenshot di bawah ini

Bagi anda pengguna distro lainnya silakan build Nuvola dari Source. Source nya bsia anda download disini :

https://launchpad.net/nuvola-player/releases-1.x/1.0.5/+download/nuvolaplayer-1.0.5.tar.gz

Pilih Layanan CLoud Music anda dari beberapa opsi yang tersedia, saya memilih mencoba Grooveshark

Setelah itu silakan anda cari judul lagu atau artis yang anda ingin dengarkan.

Saya mencari keyword artis Kenny G

Saya langsung masuk ke halaman sang Artist, dan saya dapat memilih lagu-lagu yang ingin saya mainkan :

Saya memainkan salah satu judul lagu yang saya ingin putar :

Mudah bukan? Selamat Mencoba :)

Hello All. Today i just wanna post newbie guide how to backup Vmware ESXi using Vsphere client. Because i am a newbie, especially in Vmware ESXi, it is the first time for me to backup Vmware ESXi. It is just a simple step, but i wanna explain more with picture (screenshot taken from my box), and will explain step by step based on the screenshot.

Basic step to backup Vmware ESXi (and other VM) :

➢ Create a snapshot of VM ➢ Copy files to a backup location ➢ Delete snapshot

Okay, i will explain more the basic step from my screenshot here :

1. Create your Snapshot first. You can do this step using this 2 screenshots :

   

   

2. Open your Vsphere Client, and connect to your Vmware ESXi box :

   

3. After Log In, you can see the inventory. Click Icon Inventory

   

4. After click the Inventory, dou can see the tree directory of your virtual OS.

   

5. Click one of your virtual OS that you wanna backup.

   

6. After Click ypur virtual OS, then click Summary Tab. After taht, you can see icon Data in Datastore

   

7. Right Click icon Data and choose Browse Datastore

   

8. Nah, you can find a list of files from your virtual OS.

   

9. FInd a snapshot file type, or .vmsn extension.

   

10. Right click the .vmsn file (snapshot file) and then Choose Download.

    

11. Choose the location that you wanna save this snapshot / backup file.

    

12. The Download / Backup Process started.

    

Okay.. That’s all from me. Sorry for bad english or misspelled. :D.

Happy Learning :D

I got information from The Geek Stuff Blog about Cron Vs Anacron : http://www.thegeekstuff.com/2011/05/anacron-examples/. I want to rewrite the article, and add some information here.

Cron is great, but it has one weakness: it is designed for machines that are left running continuously. If your machine is turned off when a job falls due, it simply won’t be run, Anacron is a periodic command scheduler similar to some uses of cron, but it does not assume that the system is running continuously. Anacron useful to catch missed daily cron job when your computer is not in active condition.

I have some application that scheduled in cronjob. But i have a problem, where my box is not always in active condition (off). When my computer in inactive condition, my application is not executed by cronjob. This is problem for me, until i find anacron. Anacron will executed scheduler job in active condition. If your computer stay in inactive (off) condition, the job will not executed. Anacron will execute your job once after your computer up or active.

Anacron configuration file located in /etc/anacrontab. Format of anacron :

1

period   delay   job-identifier   command

Field 1 is Recurrence period: This is a numeric value that specifies the number of days.

1 – daily

7 – weekly

30 – monthly

N – This can be any numeric value. N indicates number of days Note: You can also use ‘@monthly’ for a job that needs to be executed monthly.

Field 2 is Delay: This indicates the delay in minutes. i.e X number of minutes anacron should wait before executing the job after the the machine starts.

Field 3 is Job identifier: It is the name for the job’s timestamp file. It should be unique for each job. This will be available as a file under the /var/spool/anacron directory. This file will contain a single line that indicates the last time when this job was executed.

# ls -1 /var/spool/anacron/

test.daily

cron.daily

cron.monthly

cron.weekly

# cat /var/spool/anacron/test.daily 20110507

Field 4 is command: Command or shell script that needs to be executed.

Just like shell scripts, comments inside anacrontab file starts with #

Example of use Anacron :

digit@digit-laptop:~$  sudo cat /etc/anacrontab
1       15      cron.daily     /home/digit/dailyreport.sh

The example job schedule named dailyreport.sh will executed everyday (1) 15 minutes after the pc or laptop active / on. But what happens if the laptop or pc not in off condition? When the job scheduler executed?

Based on this article, Anacron have two methods to start. Two methods of running Anacron on a regular basis are common: You can launch Anacron whenever the computer starts, or you can launch the program via a Cron job. Anacron handles system tasks, but you can also use it to handle the equivalent of user Cron jobs too, so you may want to configure it to run both types of jobs.

Anacron run in startup by default. If you want to run Anacron via cron jobs, you should do some changes. If the computer is shut down and restarted less frequently than once a day, or if you use sleep mode rather than a full shutdown, you may want to run Anacron via a Cron job. You can create an entry in your /etc/crontab file, such as the following, to do the job:

1

17 * * * * root anacron

This entry runs Anacron on the 17th minute of every hour, at which time it checks for jobs and, if necessary, runs them. Note that Anacron runs its jobs only as necessary, so running it less frequently than once an hour gains you little, unless you can predict when the system will be up—and in that case, you might as well use Cron to schedule your jobs.

Running Cron and Anacron Together

I find same case with my case from Serverfault.

I am wondering what will happen if my computer is shutdown during the time or it was turned off before the time when it was schedule to do something ?

Yes, your job won’t be executed by Cron job when your computer in off / inactive condition. Your cron job will execute next loop, for example you make weekly cron job, the job won’t be executed until next week.

If i want to use cron, but when my systme suddenly in off / inactive condition? What should i do? Cron and Anacron is the answer. This is step bys etep example :

As another example, assuming you have a script here: /usr/local/sbin/maint.sh

And you wish to run it every three days, the standard entry in /etc/crontab would look like this:

# m h dom mon dow user  command
0 0 */3 * * root /usr/local/sbin/maint.sh

If your computer was not on at 00:00 on the 3rd of the month, the job would not run until the 6th.

To have the job instead run on the 4th when the computer is off and “misses” the run on the 3rd, you’d use this in /etc/anacrontab (don’t forget to remove the line from /etc/crontab):

# period delay job-identifier command
3 5 maint-job /usr/local/sbin/maint.sh

The “delay” of “5” above means that anacron will wait for 5 minutes before it runs this job. The idea is to prevent anacron from firing things off immediately at boot time.

(Example taken from here.

I also have another example to run Cron and Anacron together From Tuxradar Tutorial : http://www.tuxradar.com/content/automate-linux-cron-and-anacron. But i haven’t test it in my box.

Good Luck :D

Source :

http://www.thegeekstuff.com/2011/05/anacron-examples/

http://www.ibm.com/developerworks/linux/library/l-anacron/index.html

http://serverfault.com/questions/52335/job-scheduling-using-crontab-what-will-happen-when-computer-is-shutdown-during

http://www.tuxradar.com/content/automate-linux-cron-and-anacron

Setelah handset Galaxy Spica saya flash menggunakan ROM GIngerbread Racikan Tomq, saya merasa handset Spica saya sekarang dapat berlari dengan kencang dan mulus. :D Thanks to Luthfi yang membantu saya memberikan info sekaligus mbantuin flashing menggunakan ROM ini. :D. Sekarang saatnya beraksi menggunakan Spica saya.

Teringat saya dahulu pernah berjanji kepada Zaki untuk posting tutorial mengenai integrasi K9 Mail Client + Djigzo di Android untuk komunikasi email secara aman menggunakan S/MIME. ALlhamdulillah tutorialnya sudah jadi, namun saya perlu beberapa screenshot untuk menampilkan layar Android saya beserta step-step untuk memudahkan pembaca. Saya sempat bingung karena dahulu saya menggunakan Aplikasi Shoot Me untuk mengambil screenshot pada layar Android saya, namun sekarang aplikasi itu sudah tidak ada di Market. Saya sempat mencoba beberapa aplikasi seperti Screenshot, namun cara mengambil tangkapan layar Android dengan menggunakan shaking pada handset tidak berhasil. :( Akhirnya setelah berkeliling, saya menemukan sebuah aplikasi yang cukup bagus bernama Screenshot UX Trial.

Screenshot UX Tral ini merupakan aplikasi yang cukup populer di antara pengguna Android. Hal ini terbukti dengan jumlah pendownload yang cukup banyak, di atas 1 juta user. Saya mencoba Aplikasi ini untuk menjajal kemampuan aplikasi ini. Syarat yang harus dipenuhi untuk mencoba aplikasi ini, Handset Android anda harus sudah mempunya akses root terlebih dahulu.

Anda bisa mendownload Screenshot UX Trial ini di sini :

https://play.google.com/store/apps/details?id=com.liveov.shotuxtrial

Berikut saya copy paste dr halaman download tadi mengenai fitur-fitur yang dimiliki Screenshot UX Trial :

• Analyzing possible capture method.
• Intuitive Topmost button to screen shot.
• Shake to screen shot.
• Status bar to screen shot.
• Intuitive Countdown feedback UI before screenshot.
• Edit(Crop, Draw/Undo/Redo, …).
• Share menu integration for Email, MMS, …
• Choose custom save folder
• Fast start shortcut (Long tab empty home screen > Shortcuts > Select ScreenshotUX icon).

Berikut saya lampirkan screenshot dari Screenshot UX Trial ini :

Selamat Mencoba :D

Tadi siang di saat seminar dan Workshop Ubuntu Release Party 12.04 ada salah seorang peserta yang kesulitan menginstall modem Advan DT8-HT Telkomsel Flash di Ubuntu 12.04 milik dia. Kebetulan saat itu dia membawa laptopnya. Iseng-iseng saya coba membantu menyelesaikan problemnya tersebut. Berikut ini langkah-langkah yang harus di jalankan saat instalasi modem Advan DT8-HT Telkomsel Flash pada Ubuntu anda :

1. Tancapkan modem Advan anda pada port USB, lalu setelah beberapa detik silakan ketik ini :

    digit@digit-laptop:~$ lsusb
    Bus xxx Device xxx: ID 19f5:9013
   

   Disana anda akan melihat hasilnya seperti ini –> 19f5:9013

   Vendor ID = 0X19f5

   Product ID = 0X9013

2. Edit file /etc/usb-modeswitch.conf

        digit@digit-laptop:~$ sudo nano /etc/usb-modeswitch.conf
   

   Semua baris di awal di beri tanda #

   Lalu copy paste script di bawah ini :

    ########################################################
    DisableSwitching=0
    EnableLogging=1
   
    # /etc/usb_modeswitch.conf
    #
    # Advan DT8-HT
    #
   
    DefaultVendor = 0X19f5
    DefaultProduct = 0X9013
   
    TargetVendor = 00X19f5
    TargetProduct = 0X9013
   
    MessageContent="5553424312345678c00000008000069f030000000000000000000000000000"
    ########################################################
   

3. Lalu buat file /etc/udev/rules.d/advan.rules

    digit@digit-laptop:~$ sudo nano /etc/udev/rules.d/advan.rules
   
    ########################################################
    # /etc/udev/rules.d/advan.rules
    #
    # Advan Modem   
    #
    SUBSYSTEM==”usb”, SYSFS{idVendor}==”19f5″,
    SYSFS{idProduct}==”9013″, RUN+="/usr/sbin/usb_modeswitch -default-  vendor 0X19f5 -default-product 0X9013 -message-content  5553424312345678c00000008000069f030000000000000000000000000000"
    ########################################################
   

4. Buat file /etc/wvdial.conf

   digit@digit-laptop:~$ sudo nano /etc/wvdial.conf

    ########################################################
    [Dialer telkomsel]
    Init1 = ATZ
    Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
    Stupid Mode = 1
    Modem Type = Analog Modem
    Command Line = ATDT
    ISDN = 0
    New PPPD = yes
    Phone = *99#
    Modem = /dev/ttyUSB0
    Baud = 460800
    ########################################################
   

5. Tes wvdial

    digit@digit-laptop:~$ sudo wvdialconf
   

6. Agar mudah, kita buat shell script yang otomatis menjalankan perintah-perintah di atash. Buat file dengan nama modem.sh di Desktop anda

    digit@digit-laptop:~$ nano /home/digit/Desktop/modem.sh
   

   Lalu isi file modem.sh seperti ini :

    ########################################################
    #!/bin/bash
    sudo eject /dev/sr1
    sleep 2
    sudo modprobe usbserial vendor=0X19f5 product=0X9013
    sleep 2
    sudo wvdial telkomsel
    ########################################################
   

7. Beri akses Executable :

    digit@digit-laptop:~/Desktop$ chmod +x modem.sh
   

8. Jika ingin menjalankan otomatis cukup jalankan file modem.sh tersebut :

    root@digit-laptop:~/Desktop# ./modem.sh
   

Selamat Mencoba :)

PS : Gambar di ambil dari :

http://new-stylenotebook.blogspot.com/2011_08_01_archive.html

Gmail improve security awareness for user by adding new feature : 2 factor authentication. This is abosultely not a new feature. Google has implemented this feature since a year ago. But there is a problem for some android user (like me), that related with this featyre. After activated 2 factor authentication in Gmail, i fail to login to the gmail account in my android handset. The error message say that i have entered wrong username or password. To solve this problem, you have to go to your account setting : https://www.google.com/settings/

1. In the Security Field, there is a 2-step Verification column, and then click edit.

2. Google will lead you to this page –> https://accounts.google.com/b/0/SmsAuthConfig

3. Scroll, and you can see the Option : Application-spesific Password

4. Click Option Manage Application-spesific password

5. Scroll and you can find a column named : Generate new application-specific password

   You can see the bos for example Android, and then click Generate Password

   Google will provide 16 digit random letter. That random letter is your password for your Google Accont in your Android Handset.

6. Finish. Now you can use your Google account in your android handset

Good Luck. :D

Hi all, i have a good information for you. The Debian Administrator’s Handbook, now available to download for FREE. For information about Free Download Ebook Debian Administratod Handbook, please visit this link :

http://debian-handbook.info/2012/the-debian-administrators-handbook-is-available/

Since the book is released under a set of free licenses (GPL-2+ / CC-BY-SA 3.0), it’s already available in Debian Unstable, just apt-get install debian-handbook. There’s also a git repository (git clone git://anonscm.debian.org/debian-handbook/debian-handbook.git) if you want to contribute.

If you want to woanload Free Ebook Debian Administrator Handbook in PDF, Epub, and Mobipacket version, please visit this link :

http://debian-handbook.info/get/now/

You also can read this book online in here :

http://debian-handbook.info/browse/stable/

Happy Reading Guys. :D

Last week, a PHP-CGI vulnerability wasmdisclosed. The first person / group that reported this vulnerability is De Eindbazen. Famous Group in CTF World (Haha..). They found this vulnerability while playing Nullcon CTF. The details about this vulnerability :

http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

This is the example payload taken by Ryan Barnett in his honeypot machine :

http://blog.spiderlabs.com/2012/05/honeypot-alert-active-exploit-attempts-for-php-cgi-vuln.html

You also can read the Proof of COncept from Spiderlabs here :

http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

This page tell you about mitigation for this vulnerability :

http://www.php-security.net/archives/11-Mitigation-for-CVE-2012-1823-CVE-2012-2311.html

De Eindbazen also write some codes for the mitigation, you can download it here :

http://eindbazen.net/wp-content/uploads/2012/05/CVE-2012-1823-mitigation.tar.gz

Happy Hacking