Showing posts with label know. Show all posts
Showing posts with label know. Show all posts
Monday, September 25, 2017
Garmin GPS What you dont know can track you!
Garmin GPS What you dont know can track you!
Garmin GPS devices track their position by default (caveat: at least every device I have been given to examine!). They will do so, approximately every 30 seconds, when powered on. Notice I said nothing about navigating. Simply powering the devices causes them to start logging their location. While this feature can be disabled, it is buried in the settings and I suspect that most users are not even aware of it.
The data is stored in a GPX file, also know as the Global Positioning Satellite (GPS) Exchange Format. The most current track, appropriately named "Current.gpx," is stored in the "/Garmin/GPX" directory on the device. Older tracks are stored in "/Garmin/GPX/Archive" directory. The archives take on the name "
GPX files are in xml. The Current.gpx file can have interesting entries, including the "Home" address of the device owner. I have used this setting to reunite stolen devices with their owners or thieves back to their homes. But the most interesting information is the device track, which consists of a series of GPS waypoints or "trackpoints" recorded by the device. Here is a sample from an archive file:
There are many ways to handle a GPX file, but I have found it is most useful to convert it to a KML, or Key Hole Markup Language, file for use with Google Earth. While I know that Google Earth is not an open sourced application, and other tools like "gpxviewer" can map the GPX file directly, most of the people I support are Windows users that have experience with Google Earth.
There are two methods I am aware of for creating KML files. The first is using an online resource, like GPSVisualizer. Just complete the online form and upload your file to make a map that meets your requirements. Other formats, besides Google Earth, are possible, including Google Maps, JPG, PNG, SVG, and text.
I dont like to rely on websites, however, because Internet connectivity is never assured. Enter GPSBabel. GPSBabel is a command line tool (gui available) to convert over 100 different types of GPS data formats. A basic conversion can be as simple as:
gpsbabel -i gpx -f input.gpx -o kml -F output.kmlThere are numerous options, that I wont cover here, to customize your output file. They include labeling the way points with the date and time they were created, allowing you to easily visualize the track. Id recommend the use of a GUI to familiarize yourself with the customization options, though be aware that the GUIs seldom provide all available options.
I have used Garmin GPX files to map a suspects travels and place him them at crime scenes. I hope with this information you will be able to do so, too!
download file now
Wednesday, September 20, 2017
Getting to know the Relatives SQLite Databases
Getting to know the Relatives SQLite Databases
I was contacted by a colleague who needed some help analyzing a SQLite database. It was the myspace.messaging.database#database located in the "Users
The Challenges of SQLite
Lets face it: SQLite is everywhere. Understanding it is essential to good examinations, and a big part of that understanding come from learning SQL statements. There are many good online sources for learning SQL, and one of my favorites is w3schools.com.But, for digital forensics practitioners, there is another challenge beyond understanding SQL commands--understanding the construction and relationships of the tables. SQLite is a relational database, and the tables are meant to be related to one another to produce a result no possible or impractical from a single table. Knowing how the table was intended to be used can be very difficult... after all, a SQLite database is more akin to a file cabinet, not a secretary who uses the file cabinet.
For example, the secretary can place company bank records in a file called "Financial Records" or she can put them in a file called "Artichokes". It really doesnt matter, because she knows what goes in the file. Someone coming along behind her wont have much trouble finding the bank records in the Financial Records file, but might overlook them them entirely in the Artichokes file. The point is, without the secretary, it might be very hard to understand the filing system.
SQLite databases can be a lot like that. You can see the structure, or the schema as it is called, very easily. But what is not so easily understood is how the structure is intended to be used. That mystery is usually locked up in the application that utilizes the database, but it is not explained in the database itself.
Getting a Clue
To be sure, there can be hints about how tables in a database interrelate. Table and field names often speak volumes. A database called "AddressBook.db" with two tables called "Names" and "Addresses" that have a field in common called "SubjectID" isnt too hard to fathom. If we are lucky enough to be able to run the application that uses the database and test our inferences based on the applications output, our confidence grows (and our understanding, if supported by the outcome, would now be considered reliable).My favorite hints by far are SQL view statements. These are virtual tables that draw their data from other tables in the database (or an attached database). By studying a view statement, you get insight from the database creator how the database was intended to be used... at least in one capacity. Think of a view as a macro: it saves the database user the trouble of repeated typing a frequently used query. And, if the query is frequently used, then you have a good sense of how the database was intended to be used.
What if There are No Clues?
What about circumstances in which there are no clues in the database to help us understand its use. Well, if there are really no clues, then the only safe answer is we look at the data flat, that is to say, we look at the tables individually and we dont relate them in any way. But, there are often less obvious clues than can reveal an underlying relationship... which brings me to the point of this article.
Latent Rows
Latent fingerprint examiners know the term "latent" means hidden or invisible. Latent fingerprints must be revealed to be seen by some external method, such as fingerprint powder. SQLite tables have a latent field, so to speak. And, we can reveal it to help us form relations in a SQLite database.Consider the myspace.messaging.database#database I mentioned in the open paragraph. It has the following schema:
CREATE VIRTUAL TABLE AuthorData USING fts2(AuthorDisplayName, AuthorUserName);
CREATE TABLE AuthorData_content(c0AuthorDisplayName, c1AuthorUserName);
CREATE TABLE AuthorData_segdir( level integer, idx integer, start_block integer, leaves_end_block integer, end_block integer, root blob, primary key(level, idx));
CREATE TABLE AuthorData_segments(block blob);
CREATE TABLE AuthorMetaData (AuthorId INTEGER PRIMARY KEY, AuthorImageUrl TEXT);
CREATE VIRTUAL TABLE MessageData USING fts2(Subject, Body);
CREATE TABLE MessageData_content(c0Subject, c1Body);
CREATE TABLE MessageData_segdir( level integer, idx integer, start_block integer, leaves_end_block integer, end_block integer, root blob, primary key(level, idx));
CREATE TABLE MessageData_segments(block blob);
CREATE TABLE MessageMetaData (MessageId INTEGER PRIMARY KEY, RecipientId INTEGER, AuthorId INTEGER, Folder INTEGER, Status INTEGER, CreatedDate INTEGER);
CREATE TABLE UserSettings (UserId INTEGER PRIMARY KEY, MachineId TEXT, Enabled INTEGER, TimeStamp INTEGER, LastSyncTimeStamp INTEGER, FirstRunIndexPass INTEGER, FirstRunIndexTargetCount INTEGER, OldestMessageId INTEGER, LastServerTotalCount INTEGER);
CREATE INDEX AuthorIdIndex ON MessageMetaData (AuthorId, RecipientId);
CREATE INDEX StatusIndex ON MessageMetaData (Status, CreatedDate);
Now look more closely at two tables of interest,MessageMetaData and MessageData_content:
CREATE TABLE MessageMetaData (MessageId INTEGER PRIMARY KEY, RecipientId INTEGER, AuthorId INTEGER, Folder INTEGER, Status INTEGER, CreatedDate INTEGER);
CREATE TABLE MessageData_content(c0Subject, c1Body)
It would seem from the table names that MessageMetaData contains information about the messages, and MessageData_content contains the messages themselves. But, they dont share any fields that allow the two tables to be related. In other words, which rows of the metadata table correspond to which row of the content table? Do they even correspond at all?
It would seem from the table names that MessageMetaData contains information about the messages, and MessageData_content contains the messages themselves. But, they dont share any fields that allow the two tables to be related. In other words, which rows of the metadata table correspond to which row of the content table? Do they even correspond at all?
Lets look at our first hint or correspondence:
$ sqlite3 myspace.messaging.database#database.db select count(*) from MessageMetaData;
$ sqlite3 myspace.messaging.database#database.db select count(*) from MessageMetaData;
1358
$ sqlite3 myspace.messaging.database#database.db select count(*) from MessageData_content;
1358
Both tables have the same number of records. Hmm, a clue? Quite likely, especially upon study of the table content and the remaining tables contents. In fact conducting a similar study, we find another set of table correspondence: AuthorMetaData and AuthorData_content also have an equal number of records (172, to be exact) but no obvious, interrelated fields.
Unless youve studied SQLite construction in any depth, you probably dont know that it creates a rowid field for every table to act as a primary key. If a table is created with a defined primary key, that primary key is just a alias to the builtin rowid (with one exception outside the scope of this discussion). But the rowid is not represented in the table or database schema, which is probably why you didnt know about it (at least, I didnt until I bought a SQLite book).
Knowing about the rowid, i can now check to see if the two tables have matching rowid fields:
$ sqlite3 myspace.messaging.database#database.db select count(*) from MessageMetaData m, MessageData_content c where m.rowid = c.rowid
1358
We dont have to trust the count function, take a look for yourself:
$ sqlite3 myspace.messaging.database#database.db select m.rowid, c.rowid from MessageMetaData m, MessageData_content c where m.rowid = c.rowid
...
81407357|81407357
81416917|81416917
81504605|81504605
81505714|81505714
81530947|81530947
81569294|81569294
$ sqlite3 myspace.messaging.database#database.db select count(*) from MessageData_content;
1358
Both tables have the same number of records. Hmm, a clue? Quite likely, especially upon study of the table content and the remaining tables contents. In fact conducting a similar study, we find another set of table correspondence: AuthorMetaData and AuthorData_content also have an equal number of records (172, to be exact) but no obvious, interrelated fields.
Unless youve studied SQLite construction in any depth, you probably dont know that it creates a rowid field for every table to act as a primary key. If a table is created with a defined primary key, that primary key is just a alias to the builtin rowid (with one exception outside the scope of this discussion). But the rowid is not represented in the table or database schema, which is probably why you didnt know about it (at least, I didnt until I bought a SQLite book).
Knowing about the rowid, i can now check to see if the two tables have matching rowid fields:
$ sqlite3 myspace.messaging.database#database.db select count(*) from MessageMetaData m, MessageData_content c where m.rowid = c.rowid
1358
We dont have to trust the count function, take a look for yourself:
$ sqlite3 myspace.messaging.database#database.db select m.rowid, c.rowid from MessageMetaData m, MessageData_content c where m.rowid = c.rowid
...
81407357|81407357
81416917|81416917
81504605|81504605
81505714|81505714
81530947|81530947
81569294|81569294
Well, now this is even more interesting. We not only have two tables with the same number of rows, but we have two tables with fields in relation, i.e., rowid!
Understand that rowid is simply an autoincrementing, unique, 64-bit integer unless specifically declared otherwise by insert and update commands. But is this just a coincidence? Lets consider: we have non-sequential rowids throughout both tables. That might be explained by dropped rows from the tables. But two tables, each with 1358 rows, and each row having a matching rowid in the other table? That is more than coincidence--its programatic. The application populating the tables is assigning the rowids.
The Proof is in the Pudding
My assertion is that the myspace.messaging.database#database.db is assigning the rowids as it populates the related tables and links the rows by matching rowid. Let me demonstrate how rowid can be assigned:
sqlite> create table numbers(digit integer);
sqlite> insert into numbers (digit) values(1);
sqlite> insert into numbers (digit) values(2);
sqlite> insert into numbers (digit) values(3);
sqlite> select rowid, digit from numbers;
1|1
2|2
3|3
4|3
sqlite> insert into numbers (rowid, digit) values (1000, 4);
sqlite> select rowid, digit from numbers;
1|1
2|2
3|3
4|3
1000|4
sqlite> create table numbers(digit integer);
sqlite> insert into numbers (digit) values(1);
sqlite> insert into numbers (digit) values(2);
sqlite> insert into numbers (digit) values(3);
sqlite> select rowid, digit from numbers;
1|1
2|2
3|3
4|3
sqlite> insert into numbers (rowid, digit) values (1000, 4);
sqlite> select rowid, digit from numbers;
1|1
2|2
3|3
4|3
1000|4
I created at table called "numbers" with one field called "digit." I then inserted three rows in the table with the values 1, 2, and 3 respectively. If youve been following along, you now know that every SQLite table also has a rowid field, even if not expressly created in the table by the user. The first select statemnt shows the autogenerated rowid and along with the digits I inserted.
The final insert statement is different. Here I assign the rowid, rather than let it be automatically populated by the SQLite engine. And, as you an see in the final select statement, I succeed in setting an non-sequential rowid.
Putting it All Together
Ive demonstrated a "hidden" way that tables in SQLite databases can be related. It takes some knowledge in SQLite structure and the SQL query language to unveil this data, however. If you are in the habit of relying on SQLite browsers and looking at tables without relating them, then you are really missing out on a wealth of data.
Again, let me illustrate using the myspace.messaging.database#database. Lets look at one row in each of the tables I mentioned previously:
$ sqlite3 -header myspace.messaging.database#database.db select * from MessageMetaData limit 1;
MessageId|RecipientId|AuthorId|Folder|Status|CreatedDate
1289081|544962655|41265701|0|2|1280870820000
$ sqlite3 -header myspace.messaging.database#database.db select * from MessageData_content limit 1;
c0Subject|c1Body
Hi|Hey, whats up?
$ sqlite3 -header myspace.messaging.database#database.db select * from AuthorMetaData limit 1;
AuthorId|AuthorImageUrl
-1930729470|http://some_url/img/some_image.png
$ sqlite3 -header myspace.messaging.database#database.db select * from AuthorData_content limit 1;
c0AuthorDisplayName|c1AuthorUserName
A User|auser
$ sqlite3 -header myspace.messaging.database#database.db select * from MessageMetaData limit 1;
MessageId|RecipientId|AuthorId|Folder|Status|CreatedDate
1289081|544962655|41265701|0|2|1280870820000
$ sqlite3 -header myspace.messaging.database#database.db select * from MessageData_content limit 1;
c0Subject|c1Body
Hi|Hey, whats up?
$ sqlite3 -header myspace.messaging.database#database.db select * from AuthorMetaData limit 1;
AuthorId|AuthorImageUrl
-1930729470|http://some_url/img/some_image.png
$ sqlite3 -header myspace.messaging.database#database.db select * from AuthorData_content limit 1;
c0AuthorDisplayName|c1AuthorUserName
A User|auser
The only hint of relationship, besides table names, is the AuthorID field in MessageMetaData and AuthorMetaData. But there is still no obvious way to tie the metadata to the content we are most interested in. Your favorite GUI browser maybe make the display prettier, but its just as impotent.
But, now that you have knowledge of the rowid, and have a link to a tutorial on SQLite statements, youre not too far from being able to do this:
sqlite3 -header myspace.messaging.database#database.db select messageid, datetime(createddate/1000, "unixepoch", "localtime") as Date, mm.AuthorID, c0AuthorDisplayName as "Author Display Name", c1AuthorUserName as "Author Username", c0subject as Subject, c1Body as Body from MessageMetaData mm, MessageData_content mc, AuthorData_Content ac, AuthorMetaData am where mm.AuthorID = am.AuthorID and am.rowid = ac.rowid and mm.rowid = mc.rowid limit 2;
MessageId|Date|AuthorId|Author Display Name|Author Username|Subject|Body1289081|2010-08-03 14:27:00|41265701|A User|auser|Hi|Hey, whats up?
I ask you, on which output would you rather examine and report?
sqlite3 -header myspace.messaging.database#database.db select messageid, datetime(createddate/1000, "unixepoch", "localtime") as Date, mm.AuthorID, c0AuthorDisplayName as "Author Display Name", c1AuthorUserName as "Author Username", c0subject as Subject, c1Body as Body from MessageMetaData mm, MessageData_content mc, AuthorData_Content ac, AuthorMetaData am where mm.AuthorID = am.AuthorID and am.rowid = ac.rowid and mm.rowid = mc.rowid limit 2;
MessageId|Date|AuthorId|Author Display Name|Author Username|Subject|Body1289081|2010-08-03 14:27:00|41265701|A User|auser|Hi|Hey, whats up?
I ask you, on which output would you rather examine and report?
Addendum
That last query is really not so scary. Its just long because were grabbing seven fields from four tables, and converting a date stamp. But, in reality, its very straight forward.Lets take a look:
select
messageid,
datetime(createddate/1000, "unixepoch", "localtime") as Date,
mm.AuthorID,
c0AuthorDisplayName as "Author Display Name",
c1AuthorUserName as "Author Username",
c0subject as Subject,
c1Body as Body
from
MessageMetaData mm,
MessageData_content mc,
AuthorMetaData am,
AuthorData_Content ac
where
mm.AuthorID = am.AuthorID
and am.rowid = ac.rowid
and mm.rowid = mc.rowid;
The select clause simply picks the fields we want to display. The datetime function converts the unixepoch time, which is recorded in milliseconds, to local time. The as statements are naming the columns something more user friendly and are not required.
The from statement simply declares what tables to query for the fields we are trying to display. Each table is followed by an alias I chose to make easier reference to field names common to more than one table. For example, AuthorID is found in both the MessageMetaData and AuthorMetaData tables. By giving MessageMetaData the alias of mm, I can now reference the MessageMetaData.AuthorID field as mm.AuthorID.
The where statement is a filter. It keeps the tables aligned, so to speak. It ensures that only the correct author content and message content is returned for each row. This post is a lot long in the tooth, so I wont go into detail describing how it works. But, very succinctly, the MessageMetaData record is matched to a AuthorMetaData record by AuthorID. The the AuthorMetaData record is matched to its corresponding AuthorData_Content record by rowid. Finally, the MessageMetaData record is matched to its corresponding MessageData_content, also by rowid.
download file now
Tuesday, September 19, 2017
Top 5 Best Youtube Tricks Every Internet User Should Know
Top 5 Best Youtube Tricks Every Internet User Should Know
Youtube is the most pouplar video sharing websites. We all many videos in youtube for diffrent reasons. Here I tell you some aweome tips and tricks that can increase your knowledge about youtube. So try all this tips and tricks with your pc. There are many secrets and hacks in youtube that probably we dont know yet.
Top 5 Youtube Tricks for Every Internet User
1. Download Youtube Video
This is one of the most popular tricks for Youtube. If you want local copy of youtube video for PC and android Mobile, this trick help you.
You just need to add ss before. Below you see a example how you download youtube video.
Best 40 Facebook 2014 Hacks ,Tips & Tricks that Make Your Facebook Life Better
Top 5 Youtube Tricks for Every Internet User
1. Download Youtube Video
This is one of the most popular tricks for Youtube. If you want local copy of youtube video for PC and android Mobile, this trick help you.
You just need to add ss before. Below you see a example how you download youtube video.
https://www.youtube.com/watch?v=h01Y40j9_r0
Would now change into
https://www.ssyoutube.com/watch?v=h01Y40j9_r0Sometimes youtube gives you error like this video not avalaible in your country or age restrictions.
Here is a solution.
https://www.youtube.com/watch?v=h01Y40j9_r0
Would now change into
https://www.youtube.com/v/h01Y40j9_r03. Youtube TV website for PC (Beautiful and Clean Youtube)
Now with Youtube TV you can control youtube website from Keyboard-only. This whole website is controlled by Keyboard. youtube.com/tv give you tv experiance in your PC.
In this website all youtube categories comes in very beautiful animation.
If you want something new from Youtube this is. In here you see clean interface. Not any commentbox,suggestion or ad. If you want youtube video without ads try this.
4. Play the Snake Game In Youtube
Ya this is true when you play youtube video you can also play snake game on youtube. When you see loading sign press UP arrow key. Now the loading sign turn into snake game. This is so cool tricks ,so try and prank your friends with this trick.
5. Youtube Search Easter Egg.
When you search these easter eggs in youtube. Youtube responses diffrently. This thing is prankable when you wanna something new with only youtube searches.
"Use the force luke search" (your mouse moves things around)
"Beam me up Scotty" (search results "transport" on the page)
"Doge meme" (all comic book sans)
"Do the Harlem shake" (the page literally does the Harlem shake�with soundtrack)
Try all this trick and if you got any problem contact me at Facebook.
download file now
Wednesday, September 6, 2017
Top 10 KeyBoard Shortcuts Everyone Should Know
Top 10 KeyBoard Shortcuts Everyone Should Know
Using keyboard shortcuts can greatly increase your productivity, reduce repetitive strain, and help keep you focused. For example, highlighting text with the keyboard and pressing Ctrl + C is much faster than taking your hand from the keyboard, highlighting the text using the mouse, clicking copy from the file menu, and then putting your hand back in place on the keyboard. Below are our top 10 keyboard shortcuts we recommend everyone memorize and use.Ctrl + C or Ctrl + Insert
Both Ctrl + C and Ctrl + Insert will copy the highlighted text or selected item.
Ctrl + V or Shift + Insert
Both the Ctrl + V and Shift + Insert will paste the text or object thats in the clipboard.
Ctrl + Z and Ctrl + Y
Undo any change. For example, if you cut text, pressing this will undo it. This can also often be pressed multiple times to undo multiple changes. Pressing Ctrl + Y would redo the undo.
Ctrl + F
Pressing Ctrl + F opens the Find in any program. This includes your Internet browser to find text on the current page.
Alt + Tab or Ctrl + Tab
Quickly switch between open programs moving forward.
Tip: Press Ctrl + Tab to switch between tabs in a program.
Tip: Adding the Shift key to Alt + Tab or Ctrl + Tab will move backwards. For example, if you are pressing Alt + Tab and pass the program you want to switch to, press Alt + Shift + Tab to move backwards to that program.
Tip: Windows Vista and 7 users can also press the Windows Key + Tab to switch through open programs in a full screenshot of the Window.
Ctrl + Back space and Ctrl + Left or Right arrow
Pressing Ctrl + Backspace will delete a full word at a time instead of a single character.
Holding down the Ctrl key while pressing the left or right arrow will move the cursor one word at a time instead of one character at a time. If you wanted to highlight one word at a time, you can hold down Ctrl + Shift and then press the left or right arrow key to move one word at a time in that direction while highlighting each word.
Ctrl + S
While working on a document or other file in almost every program, pressing Ctrl + S saves that file. This shortcut key should be used frequently anytime youre working on anything important.
Ctrl + Home or Ctrl + End
Ctrl + Home will move the cursor to the beginning of the document and Ctrl + End will move the cursor to the end of a document. These shortcuts work with most documents, as well as web pages.
Ctrl + P
Open a print preview of the current page or document being viewed. For example, press Ctrl + P now to view a print preview of this page.
Page Up, Space bar, and Page Down
Pressing either the page up or page down key will move that page one page at a time in that direction. When browsing the Internet, pressing the space bar also moves the page down one page at a time.
Tip: If you are using the space bar to go down one page at a time, press the Shift key and space bar to go up one page at a time.
Other Recommended Shortcuts
We also recommend the following keyboard shortcuts, as they can be very useful:Ctrl + O
Allows you to select and open a file within the current software program. This works in most programs, including Internet browsers.
F2
After highlighting or selecting a file, pressing F2 changes the file name to be editable, allowing you to rename the file.
download file now
Friday, September 1, 2017
The New Google Analytics Home Know Your Data
The New Google Analytics Home Know Your Data
We�ve been improving Google Analytics with the goal of making it even easier for anyone to gain the insights they need. Last year, we introduced a fully redesigned mobile app for better insights on the go (which has now been downloaded over a million times!). We then introduced automated insights in the mobile app. Most recently, we simplified our web UI.
Today were introducing additional enhancements designed to help you make better data-driven decisions based on a deeper understanding of your users.
A New Home
The first thing youll notice when you sign into your account is that weve introduced a new landing page.
The �Home� page in Google Analytics now offers an overview of key aspects of your business� online presence. Here are a few highlights:
- You can see snippets from a curated set Google Analytics reports, including real time data, with simple and streamlined controls.
- Each snippet is preceded by a helpful question that frames the data, such as �When do your users visit?� or �Where do your users come from?�.
- Want to dig deeper? Hover on any data point for more details or drill into the relevant report with the provided link on each card.
- �Home� is automatically configured based on your setup: For example, if you have Goals or Ecommerce, you�ll see the page change accordingly.
This is a new page in Google Analytics. Existing reports have not changed. The Audience Overview report, which used to be the default landing page, is still available: just open the �Audience� section in the side navigation and click on "Overview".
Discover
Looking for the latest enhancements to the basic Google Analytics experience? Youll find them in our new �Discover� page.
As the name suggests, Discover offers products and experiences that you might find useful as you work with your Google Analytics account. These could be products like Google Optimize, tools like the Google Analytics mobile app, helpful features like Custom Alerts, or even useful educational materials from the Analytics Academy.
Look for the new Discover link just next to the Admin link at the bottom of your left navigation.
Both of these additions will be rolling out to all users over the next few weeks. We hope these new additions help make it easier for you to get the most out of Google Analytics.
download file now
Subscribe to:
Posts (Atom)