DevFestMD 2017

I ditched work today and drove into Baltimore for DevFestMD instead…it was a blast! It took place at Betamore at City Garage, which is a really cool space in Port Covington, just across the Vietnam Veterans Memorial Bridge. There were lots of interesting talks, plus code labs (Go, Kotlin, and more!).

pic of Sarah Jennings

Sarah Jennings (@ThatOtherSarahJ) warned us that the Blockchain is coming for us!

pic of block chain slide

Danny Blue (@dee_bloo) talked about packaging Angular modules.

Mike Talbott (@MikeTalbott) told us about recent advances in augmented reality.

pic of Mike Talbott

His company, BaltiVirtual, is one of the occupants of City Garage and they generously offered tours of their spaces and demos of cool augmented and virtual reality things throughout the day.

Sal Hernandez (@clickclickonsal) expo-unded (Ha! See what I did there?) on React Native.

Chida Sadayappan (@schida) broke down machine learning opportunities.

Gavin Cannizzaro ranted about visibility in program design.

Shannon Foster (@SheCanTech) explained civic tech.

pic of Shannon Foster

At the end, they had a drawing for some cool gadgets. I didn’t win anything, but that’s okay. It was a fun day!


Autopsy in Xubuntu 17.10

Well, I’m happy to report that I upgraded to Xubuntu 17.10 and Autopsy still works. That’s not surprising (it’s just Java, after all), but it still might be worth mentioning.

And I managed to process some data. At first, I made a dd image of a thumb drive because Autopsy couldn’t access it directly. That worked. It was my Strawberry Perl stick and Autopsy found over 6000 email addresses (presumably all of the module authors and other contributors to Strawberry Perl), but nothing else of interest.
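Added example, not part of the original post: one way to make that dd image so the copy is hashed against the source and can be re-checked before it is opened in Autopsy as an ordinary user. The function names `image_and_verify` and `verify_image` are hypothetical, `/dev/sdX` is a placeholder, and GNU coreutils (`dd`, `sha256sum`) are assumed.

```shell
#!/bin/sh
# Added example: image a source, prove the copy matches, record the hash.
# SRC may be a block device (e.g. /dev/sdX, a placeholder) or a regular file.

image_and_verify() {
    src=$1
    dest=$2
    if [ ! -r "$src" ]; then
        echo "cannot read $src" >&2
        return 2
    fi
    if [ -e "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 3
    fi

    # Hash the source independently of the copy.
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)

    dd if="$src" of="$dest" bs=4M 2>/dev/null || return 4

    img_hash=$(sha256sum < "$dest" | cut -d' ' -f1)
    if [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: $src_hash != $img_hash" >&2
        return 1
    fi

    # Record the hash in "sha256sum -c" format and drop write permission.
    printf '%s  %s\n' "$img_hash" "$(basename "$dest")" > "$dest.sha256"
    chmod a-w "$dest" "$dest.sha256"
    echo "$img_hash"
}

# Re-check an image against its recorded hash, e.g. before adding it to a
# case. Returns non-zero if the image no longer matches.
verify_image() {
    ( cd "$(dirname "$1")" && sha256sum --status -c "$(basename "$1").sha256" )
}
```

Reading a raw device usually still needs root (or membership in the `disk` group) for the `dd` step, but only for that step.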

Next, I grabbed a random thumb drive from my backpack and ran Autopsy as root. That way it could process the thumb drive directly, without making an image first. That drive contained a Linux driver, a zip file of all the slides from last year’s Enfuse conference, a tarball containing an older version of dd_rescue, an /etc/hosts file from my home network, a directory of photos from a trip to Ottawa, a PDF of a boarding pass for a plane trip, and an empty directory.

$ ls /media/tim/oylenshpeegul
Ottawa 2013
System Volume Information

Autopsy found 110 email addresses from the zip file and one from the tarball. It found the EXIF data from the photos. The timeline showed a history for dd_rescue going back to the year 2000. It was easy to generate an HTML report

screenshot of Autopsy HTML report

and there were a half dozen other report formats as well. All in all, a pretty good experience! Now, how to write a plugin…


Autopsy 4.5 works in Linux!

Ever since Autopsy 3.0 was released and right up through Autopsy 4.4.1, it only worked in Windows. I could get it to compile without error on my Linux machine, but running it would only display the splash screen of the little doggie and then immediately crash.

Screen shot of Autopsy 4.4.1 splash screen in Linux

But yesterday at OSDFCon, my friend Ben said he got the newly released Autopsy 4.5 to compile and run on his Ubuntu 16.04 machine! The weird part was that he said he didn’t do anything different, it just worked.

Today, I tried compiling it on my Xubuntu 17.04 machine and it did indeed work! It wasn’t completely straightforward, so here’s what I did:

First, get Sleuthkit 4.5…

$ cd ~/sleuthkit
$ tar xf ~/Downloads/sleuthkit-sleuthkit-4.5.0.tar.gz 
$ cd sleuthkit-sleuthkit-4.5.0

…and build it. It didn’t have a configure file included, so we’ll need to run autoconf ourselves.

$ autoreconf --install
$ autoconf
$ ./configure
$ make
$ make check
$ sudo make install

Now we have to build the Java bindings for it.

$ cd bindings/java
$ ant dist-PostgreSQL

But Autopsy will be looking for Tsk_DataModel_PostgreSQL.jar rather than Tsk_DataModel.jar, so we’ll fake one of those.

$ cd dist
$ ln -s Tsk_DataModel.jar Tsk_DataModel_PostgreSQL.jar

Okay, now we’re ready to get and build Autopsy 4.5.

$ cd ~/sleuthkit
$ tar xf ../Downloads/autopsy-autopsy-4.5.0.tar.gz
$ cd autopsy-autopsy-4.5.0
$ export TSK_HOME=$HOME/sleuthkit/sleuthkit-sleuthkit-4.5.0
$ ant

Now when we run it…

$ ant run
Total time: 19 minutes 25 seconds

…we eventually get an Autopsy window!

Screen shot of Autopsy 4.5 in Linux

We can try to create a new case…

Screen shot of Autopsy 4.5 create case

…and process it.

Screen shot of Autopsy 4.5 processing

Hrm. The default settings apparently include things that only work in Windows.

So it’s still pretty aggressively single-platform, but at least it runs without crashing! To be fair, they describe it as “a Windows-based desktop digital forensics tool” right on the tin. But it’s written in Java, so there’s no good reason that it shouldn’t just work everywhere.

Assuming I can get it to actually process some data for me, next I want to try writing a plug-in for it in Clojure. I bounced that idea off of Brian Carrier and Richard Cordovano at OSDFCon yesterday. Both seemed skeptical.


Clojure/conj 2017 in Baltimore

pic of 10th anniversary cake

I just got back from Clojure/conj and wow, was it great! I don’t use Clojure professionally, but the conference was right here in Baltimore this year, so I couldn’t pass it up.

Clojure 1.0 came out in 2009, but they’re calling this the 10th anniversary because it had actually gone public a couple of years before that. In fact, one of the highlights of the conj was this morning’s talk by fogus and Chouser, where they reminisced about the whole ten years. This included details from 2007 and 2008 which were new to many of us.

At the party last night, I was able to meet Rich Hickey. I shook his hand and said, “thank you.” I’m not sure if I said anything coherent after that, so he probably thinks I’m an idiot, but I’m grateful for the opportunity nonetheless. He has done so much for programmers everywhere! He didn’t just create Clojure, he challenged the status quo. Object-oriented programming dominated our collective thinking for decades, almost to the exclusion of everything else. Now it’s common to hear people speak about alternatives.

I met lots of other Clojurists from near (Baltimore, Brooklyn, &c.) and far (Toronto, Tokyo, &c.) and every one was super nice. I’m not sure if programming Clojure makes you a nicer person or if nice people are just attracted to Clojure, but either way it made for a very pleasant conference.
