I just created a NaiveBayes classifier for sentiment analysis of texts in social media. I'm quite proud of the 78% overall accuracy, 100% of the "positief" precision and 100% of the "negatief" recall. You can find more information on these terms here.
Unfortunately, when an event log file from a Windows computer system is copied for further investigation, it is often corrupted.
The Windows event log database contains a so-called floating footer. It will be positioned at the offset where the next record will be written. This floating footer object contains metadata that is maintained in real time. If the file was not properly closed, the fields of the floating footer will not have been synched and the file status byte will be odd. When you attempt to open such a file with any viewer reliant upon the event log API, it will be reported as corrupt. This frequently occurs in forensics when you pull the plug or do a live acquisition. In that case, you'll need to repair the event log.
I use a simple tool to repair the event log: http://www.cwflynt.com/logFixer/. After the correction of the event log, I use PowerShell to look at the contents:
Get-Winevent -Oldest -Path .\SysEvent1.Evt | Out-Gridview
The grid view lets us do further filtering, etc.
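What such a repair involves, as an added Python example (not code from logFixer or from this post): it locates the floating footer in a legacy .evt file, copies its four live fields into the header and clears the dirty bit. The field layout follows Microsoft's documented ELF_LOGFILE_HEADER and ELF_EOF_RECORD structures; the sample log is constructed and its record area is placeholder bytes.

```python
import struct

# Layout per Microsoft's documented legacy .evt format (little-endian DWORDs).
HEADER = struct.Struct("<12I")    # ELF_LOGFILE_HEADER, 48 bytes
EOF_REC = struct.Struct("<10I")   # ELF_EOF_RECORD, the 40-byte floating footer
EOF_MAGIC = struct.pack("<5I", 0x28, 0x11111111, 0x22222222, 0x33333333, 0x44444444)
SIGNATURE = 0x654C664C            # "LfLe"
DIRTY = 0x1                       # header flag left set when the log was not closed

def is_dirty(data):
    h = HEADER.unpack_from(data, 0)
    if h[0] != 0x30 or h[1] != SIGNATURE or h[11] != 0x30:
        raise ValueError("not a legacy .evt header")
    return bool(h[9] & DIRTY)

def find_footer(data):
    """Return (offset, fields) of the one footer whose own offset field checks out."""
    hits, pos = [], data.find(EOF_MAGIC, HEADER.size)
    while pos != -1:
        if pos + EOF_REC.size <= len(data):
            rec = EOF_REC.unpack_from(data, pos)
            if rec[9] == 0x28 and rec[6] == pos:   # trailing size and self-offset
                hits.append((pos, rec))
        pos = data.find(EOF_MAGIC, pos + 4)
    if len(hits) != 1:
        raise ValueError("expected one floating footer, found %d" % len(hits))
    return hits[0]

def repair(data):
    """Copy the footer's live values into the header and clear the dirty flag."""
    _pos, foot = find_footer(data)
    h = list(HEADER.unpack_from(data, 0))
    h[4:8] = foot[5:9]   # StartOffset, EndOffset, CurrentRecordNumber, OldestRecordNumber
    h[9] &= ~DIRTY
    return HEADER.pack(*h) + data[HEADER.size:]

def make_sample():
    """Constructed dirty log: stale header, 56 placeholder bytes, then the footer."""
    stale = HEADER.pack(0x30, SIGNATURE, 1, 1, 0x30, 0x30, 1, 0, 0x10000, DIRTY, 0, 0x30)
    foot_at = HEADER.size + 56
    footer = EOF_REC.pack(0x28, 0x11111111, 0x22222222, 0x33333333, 0x44444444,
                          0x30, foot_at, 2, 1, 0x28)
    return stale + b"\x00" * 56 + footer
```

Run repair() on a working copy of the acquired file, not on the original evidence, and record a hash of both.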
Create a simple spreadsheet with Google Drive
Publish the spreadsheet
(Example: https://docs.google.com/spreadsheet/pub?key=0BBZ40Xdv4Me8dEotdGVVS1dLR05KVjZMS3VpMXozSEE&output=html)
Download BeautifulSoup for Python
Put BeautifulSoup.py in your scripts folder
Start the Python terminal
Command:
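# Python 2 with BeautifulSoup 3 (the single-file BeautifulSoup.py from the steps above)
import urllib2
from BeautifulSoup import BeautifulSoup

# Fetch the published spreadsheet as HTML
url = urllib2.urlopen("https://docs.google.com/spreadsheet/pub?key=0BBZ40Xdv4Me8dEotdGVVS1dLR05KVjZMS3VpMXozSEE&output=html")
content = BeautifulSoup(url)

# Print the text of every table cell with class "s1"
items = content.findAll('td', {'class': 's1'})
for item in items:
    print item.string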
Today I had a very hard time playing avc video files of an Elro 4ch 500GB HDD DVR DVR534. I found a solution in FFMpeg.
Command:
C:\Users\Mark\Downloads\ffmpeg-20130215-git-4a6fa79-win32-static\bin>ffplay "filename.avc"
Downloaded codecs:
Fortunately, it's also possible to convert the avc files to standard avi files:
C:\Users\Mark\Downloads\ffmpeg-20130215-git-4a6fa79-win32-static\bin>ffmpeg -i "filename.avc" c:\folder\filename.avi
Today I had a hard time figuring out how to play Axis ACSM files. ACSM files are security camera video files, created with Axis Camera Station. This is my solution:
Download RecordingToAsfConverter
Open a DOS box (Windows command line / CMD) and use the following command:
RecordingToAsfConverter.exe d:\path_to_acsm_files\filename.acsm c:\my_asf_files
This command will generate an ASF file, which can easily be opened with a media player like VLC.
A batch
Put all the AXIS ACSM files in one folder (for example, c:\temp)
c:\temp>w:\software\axisconverter\RecordingToAsfConverter.exe c:\temp\*.acsm c:\temp\
Sometimes it can be very handy to add GPS position to images, so they can be shown on a map. GPS positions can be added to any image (not limited to digital photos). I use Picasa3 to do this job.
Open a picture in Picasa3 and click the map symbol
Select a position on the world map
Drag and drop the marker on the right position
That's it. Now the image contains a nice GPS position and can be plotted on a map!
Paterva CaseFile is the smaller brother of Maltego. It's essentially a graphing tool. This is a walkthrough for installing Paterva CaseFile with Ubuntu Linux.
First, remove OpenJDK (if installed on your system) and install Oracle Java 7:
sudo apt-get purge openjdk*
sudo rm /var/lib/dpkg/info/oracle-java7-installer*
sudo apt-get purge oracle-java7-installer*
sudo rm /etc/apt/sources.list.d/*java*
sudo apt-get update
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java7-installer
Then download CaseFile, choosing the .deb version. Install it using Ubuntu Software Center.
That's all! Now you can use CaseFile as your new graphing tool.
Each time you turn on your computer, Windows keeps track of the way your computer starts and which programs you commonly open. Windows saves this information as a number of small files in the prefetch folder. The next time you turn on your computer, Windows refers to these files to help speed the start process. The prefetch folder is a subfolder of the Windows system folder.
In this example, I use PowerShell (with Administrator rights) to show the files in the Prefetch folder:
----------
dir c:\windows\prefetch | sort name
----------
I can see that TrueCrypt has been used, which I find interesting:
I want to know if any files have been created with TrueCrypt. As you can see in the image above, I do have the date and time that TrueCrypt has been used (3-10-2012 09:27). I can use this information in my query:
----------
cd \
dir c: -recurse | select name,fullname,lastwritetime | where {$_.lastwritetime -gt "2012-10-03 09:27"} | out-gridview
----------
After a short while, I can see the file c:\temp\newcontainer has been created directly after TrueCrypt was started. Now I can investigate the newcontainer file. Cool, isn't it?
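The same correlation as an added Python example (not from the original post), generalised to a bounded time window so the result is not flooded with everything written since the run. It treats a prefetch file's last write time as the approximate run time; the prefetch hash, the file names and the 30-minute window are constructed or assumed for the example.

```python
import os
import re
import tempfile
from datetime import datetime, timedelta

# Prefetch files are named EXENAME-<8 hex digit path hash>.pf
PF_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.IGNORECASE)

def prefetch_runs(prefetch_dir, exe_substr):
    """Yield (exe, path_hash, last_write) for prefetch files matching exe_substr."""
    for name in sorted(os.listdir(prefetch_dir)):
        m = PF_NAME.match(name)
        if m and exe_substr.lower() in m.group("exe").lower():
            mtime = os.path.getmtime(os.path.join(prefetch_dir, name))
            yield m.group("exe"), m.group("hash"), datetime.fromtimestamp(mtime)

def written_after(root, start, minutes=30):
    """Files under root whose last write falls in [start, start + minutes]."""
    end = start + timedelta(minutes=minutes)
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                ts = datetime.fromtimestamp(os.path.getmtime(path))
            except OSError:
                continue   # locked or vanished file on a live system
            if start <= ts <= end:
                hits.append((ts, path))
    return sorted(hits)

def demo():
    """Constructed sample tree; names, hash and times are made up for the example."""
    with tempfile.TemporaryDirectory() as base:
        pf_dir, data = os.path.join(base, "Prefetch"), os.path.join(base, "temp")
        os.makedirs(pf_dir)
        os.makedirs(data)
        run = datetime(2012, 10, 3, 9, 27).timestamp()
        for path, ts in [(os.path.join(pf_dir, "TRUECRYPT.EXE-1A2B3C4D.pf"), run),
                         (os.path.join(data, "newcontainer"), run + 120),
                         (os.path.join(data, "old.txt"), run - 86400)]:
            open(path, "wb").close()
            os.utime(path, (ts, ts))
        exe, _hash, when = next(prefetch_runs(pf_dir, "truecrypt"))
        return exe, [os.path.basename(p) for _t, p in written_after(data, when)]
```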
Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page. However, it's not possible to save the changes you make and as soon as you navigate to another page, your changes are gone.
Today, I noticed this video with a very simple solution to the problem: you only have to download the Scrapbook Plus add-on.
Now, when you have changed anything with Firebug, right-click with the mouse on the webpage and use "Bookmark with Scrapbook+" to save the content. You can use "ALT + K" to show the link to your content in the sidebar. Right-click the URL in the sidebar to see the location of your content ("properties"). For example, in my case the content was located at
/home/mark/.mozilla/firefox/0scdgtnn.default/ScrapBook/data/20120604162320/
All files that you have changed with Firebug are stored in that folder. Now, you only have to use FTP or something like that to move the changed files over to your server and you're good to go!