New Syntax Highlighting Style Test - C++

08/10/2018

Just updated the code syntax highlighting style. This is a sample of C++ codes from btrForensics.

...Read more

New Syntax Highlighting Style Test - PowerShell

08/09/2018

Just updated the code syntax highlighting style. This is a sample of PowerShell codes from PowerWinForensics.

...Read more

Research Paper Presented at DFRWS 2018 USA

08/01/2018

A research paper that I co-authored was presented at DFRWS (Digital Forensic Research Conference) 2018 USA. As a contributor, I am proud to have the chance to work with two researchers, Jan-Niclas Hilgert and Martin Lambertz from Fraunhofer FKIE, Bonn, Germany.

The paper was titled as Forensic analysis of multiple device BTRFS configurations using The Sleuth Kit. It discussed the multi-device feature offered by BTRFS, a modern filesystem designed for Linux to achieve rich functions and better performance.

Since BTRFS implements many advanced concepts like subvolumes, snapshots, copy on write (CoW). This paper attempted to resolve some problems brought by BTRFS multi-device support whose answers could not be found via traditional digital forensics process.

The complete paper can be found on DFRWS 2018 USA website. It was also published on Digital Investigation Volume 26, Supplement, July 2018, Pages S21-S29 with open access. Check either of the following links to read and download the paper:

DFRWS - Papers & Presentations

Elsevier - Digital Investigation - Proceedings of the Eighteenth Annual DFRWS USA

...Read more

Excel Chart in PowerShell

03/17/2018

Equipped with Office Interop and the ability to manipulate COM objects, Windows PowerShell is capable of generating rich Excel sheets, which can be very helpful in analyzing and displaying data.

One minor problem is depending on different versions of Office, some features may act differently. For example, PowerShell can be used to create charts in an Excel file:

$excel = New-Object -comobject Excel.Application
$workbook = $excel.Workbooks.Add()
$sheet = $workbook.Worksheets.Item(1)

$objCharts = $worksheet.ChartObjects()
$objChart = $objCharts.Add(100, 100, 100, 100)

$dataRange = $worksheet.range("A1:E4")
$objChart.Chart.SetSourceData($dataRange, 2)

The default chart type used here will be Bar chart. To change the chart type, in a system installed with newer version of Office, the code will be:

$objChart.Chart.ChartType = [Microsoft.Office.Interop.Excel.XLChartType]::xl3DPieExploded

This creates a 3D Exploded Pie chart.

However, in a system with early Office 2007, this XLChartType enum will not be recognized. To make the same chart, an integer must be used instead:

$objChart.Chart.ChartType = 70

For a list of all the XLChartType enums and corresponding integer values, refer to the following official document:
XlChartType Enumeration (Excel)

See also:

Chart types examples:
Available chart types in Office

C# Office Interop programming guide:
How to: Access Office Interop Objects by Using Visual C# Features

...Read more

Set Up Reverse Proxy for Web Servers with IIS

09/13/2017

Problem

There are two web servers on two different machines in the internal network serving two different websites. Now we want clients from external network be able to access the two websites. However, there is only one available external IP address to be shared by these two websites. Also, we want the clients be able to visit the websites using the default HTTP port 80 instead of mapping different sites to different ports. The only thing that can distinguish the two websites’ requests is the url.

Problem

Goal

The two web servers, with IP address 172.16.100.11 and 172.16.100.12 in the internal network are serving www.testweb1.com and www.testweb2.com respectively with different contents. The only available external IP address is 10.10.0.1. When the client types www.testweb1.com or www.testweb2.com in the URL column in the browser, both will point to 10.10.0.1 by DNS record, but client will see different contents based on the URLs.

...Read more

  Page 1 of 4   Next Page

SYANG.IO © 2018