Welcome to Mohammad Ali Sarbanha`s Official website my home on the net sarbanha.com mohammad.ali@sarbanha.com Send me your comments Find my recent activities here
| Home | Info. Base | Programming | Recent Activities | Favorite Links | Album | About/Contact | Site Map |

My recent activities!



Wednesday, January 10, 2007  
Crimes and P2P Networks
 
P2P networks are intended to connect hosts that are connected to the Internet in order to interchange files directly, this method, technically, has a nice and smart idea behind it, but it takes the control away for authorities and digital content owners.

One of the most discussed cases of P2P crimes is violation of intellectual properties rights, books, multimedia and software are subjects of this type of crimes. With a P2P network, one can search and find other peers that have or pretend having files that he or she needs. Searching the net reveals that there are many cases versus P2P companies and developers, such as GRANT T. STANLEY [CyberCrime.gov, 2006].

Distributing malware, viruses, worms and exploits are other important issues which its complexity is completely different from intellectual property issues. Computer literates know that downloading files might contain malwares that can not be recognized by security software. Malwares might be buried under a bulk of installation files of the real software and a forged setup file might release the malware.
I tried to search for a specific software, I found many files with the same identification but different sizes! Therefore, you can easily deduct that at least one of them carries the malware.

Another type of such criminal activity is expediting the distribution of paparazzi contents, few months ago very private films of one of the famous actresses in Iran had been distributed over the net through P2P systems, this caused a law suite against the perpetrator and he is sentenced to be executed!

Although there is no control over P2P services like eMule which is fully distributed over the internet with no central managing organization, there must be precautionary measures to be taken into account to reduce the chance of criminal activities; in P2P systems there are huge amounts of files and transmission stream which can not be logged centrally, file fragments might be downloaded from a multitude of other nodes, so this makes it quite difficult to rely on log files while investigating a case. Therefore, live capture of network traffic and cooperation of ISP is also required. Moreover, it might be possible to fake a client in order to communicate with that person in order to make the criminal busy and at the same time police can take an action and capture the perpetrator at the time that the crime happens.

A challenging part of the investigation is that the digital information can not be reconstructed in the way that can be used in the court room. Therefore, investigators should be able to collect enough data to establish strong incriminating evidence.

Another important part of investigation that should be considered is that ISPs should cooperate in this investigation, they might ask for any official documents such as warrants that allow investigators to investigate network or capture required network traffic silently.

Depending on case conditions, investigators might need to travel abroad or ask very remote ISPs to cooperate with them, they would obviously need network investigation warrants from the ISP’s local jurisdiction. As we have discussed this week, we might not be able to get required warrants from some countries, they might not cooperate in investigation, therefore, we might not be able to reach perpetrator at all.

According to my researches, most of the P2P cases were followed by prosecution of the P2P developers or companies. Many P2P companies and individuals are sentenced because of their law-breaking innovations! Napster, bitTorrent, Kazaa and many others.

I believe a standardized P2P can solve the problem when it’s being supported by controlling mechanisms in order to allow each ISP watching the P2P network traffics, analyze the traffic easily and warn its client if the content is not allowed to be transferred. Well, one might argue that we can not recognize and analyze all traffic of the network; nonetheless, I think we can develop new mechanisms of digital content sharing that the delivered content can be watermarked in such way that detective software can distinguish between legal and illegal files and notify the administrators of the ISP.

REFERENCES:

Cybercrime.gov (2006) ‘Wise, Virginia Man Sentenced in Peer-to-Peer Piracy Crackdown’ [Internet] Available at: http://www.cybercrime.gov/stanleySent.htm (Accessed: 2007-01-10)

Fred von Lohmann (2006) ‘IAAL*: What Peer-to-Peer Developers Need to Know about Copyright Law’ Electronic Frontier Foundation, fred@eff.org, v. 5.0, January 2006 [Intrnet] Available at: http://www.eff.org/IP/P2P/p2p_copyright_wp.php (Accessed: 2007-01-10)

Thomas Mennecke (2006) ‘Case Against Patti Santangelo Dropped’ [Internet] Available at: http://www.slyck.com/story1364.html (Accessed: 2007-01-10)

Kristyn Maslog-Levis (2005) ‘Aussie BitTorrent case to test Aust-US FTA’, ZDNet Australia [Internet] Available at: http://www.bilaterals.org/article.php3?id_article=1457 (Accessed: 2007-01-10)

BBC.CO.UK (2005) ‘Kazaa hit by file-sharing ruling’ [Internet] Available at: http://news.bbc.co.uk/1/hi/technology/4214810.stm (Accessed: 2007-01-10)

BBC.CO.UK (2005) ‘Judge backs case against Kazaa’ [Internet] Available at: http://news.bbc.co.uk/1/hi/entertainment/music/2514153.stm (Accessed: 2007-01-10)

BBC.CO.UK (2005) ‘BitTorrent user guilty of piracy’ [Internet] Available at: http://news.bbc.co.uk/2/hi/technology/4374222.stm (Accessed: 2007-01-10)

Napster Cases, http://www.eff.org/IP/P2P/Napster/ (Accessed: 2007-01-10)

MGM v. Grokster, http://www.eff.org/IP/P2P/MGM_v_Grokster/ (Accessed: 2007-01-10)

Napster Cases, http://www.riaa.com/News/filings/napster.asp (Accessed: 2007-01-10)


Note: This article is prepared for the University of Liverpool.
 posted by Mohammad Ali  # 2:42 PM


Wednesday, January 03, 2007  
Email information leakage investigation
 
Precautionary actions:

In order to prevent more information leakage, all incoming e-mails are forwarded to a temporary alias e-mail address. Afterward, one of the IT personnel is assigned to feed the mailbox with fake and unreal information that look real by which we can keep the criminal watching the mailbox.

Digital evidence collection/reduction and collection:

In this phase, all SMTP connections for mail relay, POP, IMAP and web connections that try to access this specific mail box should be recorded and logged, since we can not distinguish between different mailboxes while TCP connections are being intercepted, we need to recover contents of all TCP packets coming and leaving the mail server, after information recovery, we need to filter unwanted data and keep the necessary data.

In order to intercept the packets we can use Ethereal in bottleneck of the network or on the mail server itself. Ethereal has a very nice tool that can reconstruct the fragmented TCP packet from captured network packets. However, we may need NetIntercept software that can deal with mime contents.

After all, we need to identify the offender, what we have at hand is the model and the time that the offender tries to intrude. The time might reveal the time zone of the place that he lives and leads us to the relevant public IP addresses databases, such as arin.net and ripe.net, checking the IP address leads us to the geographical location of the person who performs such illegal activity. If the IP addresses have not been registered by its owner, we need to begin from the upper layers until we get to some results.

After finding the originating IP address of offender, we need to investigate the ISP log files to find out any clues. And collect evidential data from the servers, as we have discussed this week, the administrator of that ISP should be cooperative and we may need relevant warrants in order to be able to reach server logs.

In case of unavailability of server log files, since we know the ISP, we can install our equipment over there (We might need warrant for this as well) intercept the network traffic and collect necessary data and recover the communication content.

As soon as we receive any traffic towards our mail server, we would try to retrieve the phone number of that ISP subscriber who’s committing such a criminal activity.

After all, we should have the following items,

  • Traffic logs and analysis of our mail server
  • Modus Operandi (MO) of the offender and studying the times that he has time to begin his attack
  • The IP address and the network name that the offender use to commit the crime.
  • Log files and all other evidences of the ISP of the offender.
  • Physical address of the offender
  • Accompanying documents that compose the chain of custody

Although we have all these evidences, we might need to capture the offender at the time of committing the crime and it depends on the law and regulations of the jurisdiction.

We might also need to investigate his place in order to seize any potential evidence that can prove this case or other similar offences committed by this person. To search his place, we obviously need to have relevant permissions and warrants.

In parallel to this, we need to have an open lawsuit against our potential criminal; hence we can commence the trial as soon as we arrest the offender.


REFERENCES:

Eoghan, C. (2004) Digital Evidence and Computer Crime, Second Edition, Academic Press, ISBN-10: 0-12-163104-4

Wang, D. (2006) 'Computer Forensics: Seminar for Week 6: Network Forensics I ' [Embanet] Available at: MASSHR-CF-061123-01 Sem 6 (Accessed: December 31st, 2006)

Note: This article is prepared for the University of Liverpool.
 posted by Mohammad Ali  # 2:32 PM


Tuesday, December 12, 2006  
Useful foundstone tools
 
Dump Firefox AutoComplete Data:

This program is used to dump all stored forms in FireFox browser, I am used to work with FireFox and usually keep non-important in form auto complete database of the FireFox. Besides, it sometimes, keeps the search engine forms, this might be used in cases which we need to know if the suspect searched for a specific topic, and this might give us some clues about it.

I found some interesting information from my AutoComplete data, I partially collect them and described them below:

<field name="Subj">
<saved> Hi peter </saved>
<saved>Fwd: Ploter-Role-Paper</saved>
<saved>Fwd: Price-List</saved>
<saved>Fwd: Re: Hi</saved>
<saved>Fwd: liste gheymate khaghaz plotter roli......</saved>
<saved>Re: Anti-Spam Features</saved>
<saved>Re: Anti-Spam Features Follow-up</saved>
<saved>Re: Re: Anti-Spam Features</saved>
<saved>az tarafe man !!!</saved>
<saved>nice to hear from you :-</saved>
<saved>test</saved>
</field>

As you can see, subjects of e-mails that I have sent so far are stored within this XML code, besides, if I know which webmail system uses “Subj” as name of the text field, I might be able to know the user name and e-mail address!

Take a look at this one:

<field name="user">
<saved>sarbanha</saved>
</field>
<field name="user.email">
<saved>.....@yahoo.com</saved>
</field>

As you can see, texts in red may reveal some fact about my yahoo mail user ID and e-mail address that should be studied and searched.

Search boxes contain much of information about the criminal, collecting this information would be useful to reveal the area of interest of criminal. Look at the following sample:

<field name="searchbar-history">
<saved>('E4'/</saved>
<saved>('E4'1</saved>
<saved>*BHE ED'/ (G 4E3</saved>
<saved>007 Key logger</saved>
<saved>4GL programming languages</saved>
<saved>AD*1 4F </saved>
<saved>Academic Press</saved>
<saved>Access, Internet, and Public Libraries filetype:pdf</saved>
<saved>Active Code Review</saved>
<saved>Avaro</saved>
<saved>Axis 211 Outdoor 290B BDL</saved>
<saved>Bare Bones language</saved>
<saved>Campus networking solutions</saved>
<saved>Cisco Virtual interface</saved>
<saved>Cisco Virtual interfce</saved>
<saved>City Facilities</saved>
<saved>Collin</saved>
<saved>Computer Forensics Laboratory Personnel</saved>
<saved>DOI 10.1109/MS.2002.1003455 </saved>
<saved>DWL-3200ap</saved>
<saved>David Wang</saved>
<saved>Dell 5100c</saved>
<saved>Developers and testers relationship</saved>
<saved>Digital Evidence and computer Crime</saved>
<saved>Digital Object Identifier 10.1109/CCECE.2005.1557152 </saved>
<saved>Dubai Hotels</saved>
<saved>Ethernet checksum error</saved>
<saved>Exensys mail server</saved>
<saved>Factbook 2006</saved>
<saved>Fiber Optic</saved>
<saved>Fiber Optic Solutions</saved>
<saved>Forensic Labratory Equipments</saved>
<saved>Forensic compression</saved>
<saved>Forensic compresstion </saved>
<saved>French quotes</saved>
<saved>How can I forward traffic from Cisco to another host </saved>
<saved>How to prevent windows to show last login user</saved>
<saved>Integrated cable MAN network</saved>
<saved>Java Array of class</saved>
<saved>Key Logger</saved>
<saved>Loading Tcp Mib library error</saved>
<saved>MS IAS</saved>
<saved>MS Windows SMB</saved>
<saved>Mail Server appliance</saved>
<saved>Mc Afee antivirus solutions</saved>
<saved>Netmeeting ports</saved>
<saved>Network Attached Server</saved>
<saved>Network Attached Storage </saved>
<saved>Online traffic control system </saved>
<saved>Outdoor Internet Camera</saved>
<saved>Panasonic 1232</saved>
<saved>Panasonic D1232</saved>
<saved>Panasonic KX-T7720</saved>
<saved>Performa Invoice</saved>
<saved>Prolific technology inc</saved>
<saved>Shared excell workbook</saved>
<saved>Tcp Mib</saved>
<saved>Technical Review procedures</saved>
<saved>Web page HTML picture opacity </saved>
<saved>What is outsourcing</saved>
<saved>What is software usability </saved>
<saved>Where is Windows Virtual Memory File</saved>
<saved>Windows 2k3 price list</saved>
<saved>alles kondeh</saved>
<saved>computer forensics and countries law</saved>
<saved>computer forensics companies products and services</saved>
<saved>countries top searches</saved>
<saved>defnce attorny evidence</saved>
<saved>differences between prpject management and project manager</saved>
<saved>eclipse</saved>
<saved>ethereal</saved>
<saved>ethical issues of criminal activities</saved>
<saved>forensics tools and software</saved>
<saved>free key logger</saved>
<saved>guten appetit</saved>
<saved>hard disk low level storage magnetic mechanism </saved>
<saved>hercules five myths</saved>
<saved>how to use test packages in NetBeans</saved>
<saved>magnetic flow</saved>
<saved>miriam webster</saved>
<saved>ndictionary</saved>
<saved>network interception using Cisco routers</saved>
<saved>open dictionary </saved>
<saved>sarbanha</saved>
<saved>uBR7200</saved>
<saved>waterfall development</saved>
<saved>what is chain of custody</saved>
<saved>wish you a merry cristmas</saved>
</field>

As you can see, there are lots of computer technical queries which are sent to search engines, this can reveal that the user either is interested in computer science or is an IT professional. Besides, he was looking for David Wang on the net, so there must be connection between these two people, moreover, the suspect searched for key logger which is illegal in most countries! Therefore, one might deduct that the suspect is an expert and he was looking for key logger software may be for a personal ID or information theft.

Rifiuti - A Recycle Bin Forensic Analysis Tool:
This is another software that I thought is important, it helps investigators to find out if a removed file were originally located at the place that the suspect claim, it might be useful to reveal any possible connection between the committed crime and the time of file deletion.

Forensic Toolkit:
This toolkit contains few other small tools that help to reveal valuable information about the files and other system information. One of them that I found it useful was FileStat.exe, by this program, we can find out too many detailed information about a specific file, let’s take a look at a sample output,

SD revision is 1 == SECURITY_DESCRIPTOR_REVISION1
SD's Owner is Not NULL
SD's Owner-Defaulted flag is FALSE
SID = THINKJAMMER/Mohammad Ali   S-1-5-21--995922081--242068703-823878108-1005
SD's Group-Defaulted flag is FALSE
SID = THINKJAMMER/None   S-1-5-21--995922081--242068703-823878108-513
SD's DACL is Present
SD's DACL-Defaulted flag is FALSE
  ACL has 3 ACE(s), 88 bytes used, 0 bytes free
  ACL revision is 2 == ACL_REVISION2
SID = THINKJAMMER/Mohammad Ali   S-1-5-21--995922081--242068703-823878108-1005
  ACE 0 is an ACCESS_ALLOWED_ACE_TYPE
  ACE 0 size = 36
  ACE 0 flags = 0x00
  ACE 0 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN
SID = NT AUTHORITY/SYSTEM   S-1-5-18
  ACE 1 is an ACCESS_ALLOWED_ACE_TYPE
  ACE 1 size = 20
  ACE 1 flags = 0x00
  ACE 1 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN
SID = BUILTIN/Administrators   S-1-5-32-544
  ACE 2 is an ACCESS_ALLOWED_ACE_TYPE
  ACE 2 size = 24
  ACE 2 flags = 0x00
  ACE 2 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN
SD's SACL is Not Present
Stream 1:
Type: Security
Stream name =  Size: 164

Stream 2:
Type: Data
Stream name =  Size: 5087

Stream 3:
Type: Unknown
Stream name =  Size: 64

As you can see, it shows the user access properties of a file; this might be used to check if it’s possible for a particular user to perform any action. For example, the user Mohammad Ali can Read, Write, Execute, Delete and even change the permissions and taking the ownership of it. (This can be learnt from ACE 0 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN).

It also reveals the ownership of the file. Well, one might argue that this feature is available by windows itself, but the main advantage of this program is ability of retrieving and extracting information to the standard output by which we can store this information into another text file or print it.


Note: This article is prepared for the University of Liverpool.
 posted by Mohammad Ali  # 1:50 PM
 
Compression tools used in forensics
 
The size of information collected from disk might be big enough to not fit within our media during seizure of information. Therefore we need to compress the information in the way that the decompressed information would be identical to the original.

A variety of compression algorithms implemented each of which has its own cons and pros, to answer the question, I’d like to categorize compression methods two lossless and lossy methods.

With lossless methods the exact copy of the information can be retrieved from the compresses file. Software such as WinZip, PKZIP, gzip, bzip2, ARC, RAR, WinRAR and many others are of such programs.

Lossy methods are usually used to preserve network or storage resources. There are many types of information that can be compressed in this way, for instance, images are always stored in a compressed format, Videos, Audios and streamed information like VoIP communications; all of them are compressed with lossy compression algorithms; the idea behind lossy compression was mainly because of storing and transmitting those types of media contents that their details are not fully recognizable by our senses, for example, a GSM mobile network uses 9600bps to transmit the voice content, which is enough to completely recognize the speech while speaking over the cell phone, it preserves the network capacity while makes an acceptable quality of service. Algorithms like DivX, JPEG, MPEG, MP3, WMA and GSM Codecs are all samples of different compression methods.

The need of compression of the digital evidence is not just because of saving storage space, in some cases, it’s necessary to transmit the content to the laboratory or courtroom over the net to be used in time; therefore, compression method used for this purpose should be capable of preserving the original information as a bit-per-bit copy of the original data.


Note: This article is prepared for the University of Liverpool.
 posted by Mohammad Ali  # 1:40 PM


Sunday, November 26, 2006  
Companies specializing in computer forensics software or services
 
There are two types of companies in computer forensics field, first, those who are producing software and hardware tools, second, those who provide services. Nonetheless, there are other companies that they produce tools but they have their own team to handle digital evidence collect information from digital/computer systems.

I found three companies that provide various services, so I couldn’t produce tabular comparison, they nonetheless work in forensics field, and this is common between them.

X-Ways Software Technology AG1, this company produce a software named WinHex which is specialized tool for analyzing and working with raw information within memory or hard disk. Besides many technical features, it’s empowered by some forensics tools and extra features that can help forensics examiners to extract information from a digital media, such as files, disks or memory of the computers.

Here are some of the WinHex features that can be used for forensics examination:

  • Disk Editor, File Editor, RAM Editor
  • Directory Browser for FAT, NTFS, Ext2/Ext3, ReiserFS, CDFS/ISO9660, UDF
  • Disk Cloning/Disk Imaging under DOS and Windows
  • Data Recovery
  • Partition Recovery/Boot Record Recovery
  • Hard Drive Cleansing/Disk wiping
  • File Slack Capturing
  • Unused Space Capturing
  • Inter-Partition Space Capturing
  • Text Capturing
  • Disk Catalog Creation
  • Media Details Report
  • Interpret Image As Disk
  • Data Interpreter
  • Data Analysis
  • Binary/Text Search
  • Bate-Numbering Files
  • Checksum calculation with CRC16, CRC32, MD5, SHA-1, SHA-256, PSCHF

The second company that I have found, Computer Forensic Services (CFS)2, provides services, this company doesn’t produce any product, but they have their own software and hardware tools in order to provide their services.

Their services cover requirements of a wide range of customers, individuals, corporations, law firms, regulatory bodies and courts. Their main services are as follows:

  • Electronic Data Discovery (EDD), they extract and collect useful information for judgment.
  • Complete Forensic Investigation Service
  • Incident Response and Forensics, they help organizations to identify vulnerabilities and help them to be prepared for incidents, they also consult during incidents.
  • Forensic Processing of Computer Evidence, by this service they process and investigate information for forensic purposes.

They also made this point that they don’t conduct Criminal Defense services. From this, I thought that there might be people who conduct such services for criminals!

The last company I came across is also called “Computer Forensic Services”3, it provides the following services:

  • Electronic Discovery, which is collection, preservation, recovery, analysis and preparation of information that originally stored on electronic media.
  • Computer forensics, Computer forensics is the scientific process of capturing (imaging) and analyzing information stored in any electronic format, for the purpose of investigating allegations, to find the truth, with no predisposition as to the outcome.
  • Information Security, CFS provides a full range of information security services, including Assessment/Discover, Build/Development, Monitoring.
  • Litigation Support, after evidence preparation, the company will support its customer to prepare the case to provide it to court, and consult throughout any incident.
  • Law Enforcement support, the company provides training and support for law enforcement community.
  • Electronic Countermeasures, consulting to improve digital security and helps to collect necessary information that can be used against criminals in court.

All of the companies that I have found, try to discover and analyze the information that can be used for trial as digital evidences. Each of which supports their clients in order to produce acceptable and provable evidence in court. Therefore, processing the collected information can be done with themselves.

REFERENCES:

[1] X-Ways Software Technology AG, http://www.x-ways.net/ , (Accessed Nov. 29th,2006)

[2] Computer Forensic Services (CFS), http://www.computer-forensic.com/ , (Accessed Nov. 29th,2006)

[3] Computer Forensic Services, http://www.compforensics.com/ , (Accessed Nov. 29th,2006)

Note: This article is prepared for university of Liverpool.
 posted by Mohammad Ali  # 1:01 AM


Wednesday, October 04, 2006  
Properties of JDK which could be verified or validated
 
Verification proves that a product meets all requirements that have been specified during the previous activities and these activities are carried out correctly, whereas validation is concerned about meeting the user’s requirements [Lewis, 2005, p.7].

As we all know, JDK can be either verified or validated, because it’s delivered in two different ways, Sun provides JDK as a source code package as well as compiled version. Therefore customer can go through the source code and investigate software flaws (if there is any). I’d like to highlight few properties by which we can verify or validate this software. The table below listed some of the properties that I want to discuss them.


        Property                      Verify     Validate
-------------------------------------------------------------
Source Code Documentation               X
Software portability                    X
Error Handling                          X            X
Objects and Functions Integrity         X            X
Code Efficiency                         X
Usability                                            X
User Friendliness                                    X
Software Documentation                               X


Source Code Documentation is the process that continually should be maintained during the software development; otherwise as the program grows it becomes unmanageable when there is not adequate code documentation. I believe this is the property which should be verified throughout entire process of software development. If we look through Java Source code we would find many documented codes throughout source codes. Of course it can be observed by end user, since the code is freely available but this code documentation has been done during development.

Let’s take a look at a piece of code that accompanies JDK compiled version.


/*
* Structures to define packet layout.
*
* See: http://java.sun.com/j2se/1.5/docs/guide/jpda/jdwp-spec.html
*/

enum {
JDWPTRANSPORT_FLAGS_NONE     = 0x0,
JDWPTRANSPORT_FLAGS_REPLY    = 0x80
};

typedef struct {
jint len;
jint id;
jbyte flags;
jbyte cmdSet;
* Source code is copied from a JDK Include file.


The highlighted part of the code is an HTML which describes this part of the code and can be delivered to the end user, obviously correctness of it can not be validated because the producer should provide this information to the customer, but it can be verified by producer.

Software Portability is one of the concerns of Java developers and Sun Microsystems; they claim that their product creates a virtual environment which can be executed on a vast variety of platforms, which means platform independency. Sun could get to this point that the major platforms support Java, since Sun doesn’t allow any other bodies to redistribute its product nobody can port the latest version of Sun Java to another platforms, FreeBSD and OpenBSD suffering from these kinds of restrictions, though there are some improvements in this area and old releases of Java has been ported to FreeBSD but I myself couldn’t get a considerable result from them, they do not support full Java features.

Error Handling is one of the most important features that software must have, dealing with internal errors as well as user errors, graceful internal error handling should be considered during software development; therefore, any internal errors that happens for any reason must be handled in the way that can be traced and corrected. JDK developers should consider error handling and verify it to generate acceptable error messages that lead the user to the failure point. In another hand, the user should be able to receive adequate and understandable error messages when he uses this product which falls into validation process.

Objects and Functions Integrity should be controlled, verified and validated during development process and after it, a failure in a mathematical function would lead to a catastrophe, or maybe a security function if it doesn’t perform correctly in a certain circumstances would make the software useless. So this can be verified throughout and after development process.

Code Efficiency purely needs verification, continuous changes of codes and program units is to reach to an efficient piece of code with less complexity and higher performance, this can not be validated as a Code Efficiency verification, but the user may run a benchmarking test to measure the performance and validate the product.

Usability of the software is a quality property by which we determine how a user can use this software with less difficulty and get benefit of this product, Wikipedia has a good definition for Software Usability, “Usability is a term used to denote the ease with which people can employ a particular tool or other human-made object in order to achieve a particular goal. Usability can also refer to the methods of measuring usability and the study of the principles behind an object's perceived efficiency or elegance.” [Wikipedia.org] This should be validated by user.

User Friendliness is considered as a factor of user satisfactory, ease of use along with logical combination of tools and utilities. Friendliness of JDK is a subject of many controversies, it’s easy to develop a software but standard development and debugging tools were not fast enough and there was not integrated software development tool for it until Forte for Java, SunOne Studio and NetBeans evolved to this point that I believe they have put a great effort to provide such complex tools. Honestly, I believe they are still slow in compare to other competitors.

Software Documentation which is the most important factor of quality has been done in a very nice and user friendly format, JavaDoc which is initially used for internal JDK documentation is turned to a tool for Java developers, almost all of methods and objects are clearly discussed and covered in Java documentation and available when it’s delivered to the end user. Although Software Documentation can be validated during product generation process, it’s intended to provide adequate information to end users in order to get benefit of the delivered software. So I think this is users right to validate the Software Documentation conformance to the delivered product.

In this article, some of properties can be either validated or verified, like Software Documentation with slight changes or Error Handling as I mentioned above.
User Friendliness, for example, is a quality property which can be measured when a user works with the software, but it’s also possible to employ apply psychology, ergonomics and few other facts to formulate the User Friendliness of software, in this way, the delivered product corresponds to the user requirements.

REFERENCES:

Lewis, W.E. (2005) Software Testing and Continuous Quality Improvement, Second Edition, Auerbach Publication, USA, ISBN: 0-8493-2524-2

Livadas, L. (2006) 'Management of QA and Software Testing, Seminar for Week 1: Overview of Quality Assurance Techniques' [Embanet] Available at: MASSHR-QA-060928-01 Sem 1 (Accessed: 30 Sep. 2006)

Wikipedia.org (2006) ‘Usability’ [Internet] Available at: http://en.wikipedia.org/wiki/Software_usability (Accessed: October 4th, 2006)

Note: This article is prepared for the University of Liverpool.
 posted by Mohammad Ali  # 3:37 PM


Thursday, December 29, 2005  
The technology in next 50 years
 
We all know that the technology is strongly tightened with our lives; if we look around we can easily find technology footprints. We are surrounded by technology, we are borne with technology and live with technology. It's been long time that this phenomenon is penetrated to any aspect of our life.

As a proof we can refer to UNESCO reports and announcements that define literate individuals as people who are able to program computers. This implies the fact that we need to employ technology in order to find ourselves as a member of a modern society.

This is the beginning, technology growth will never stop, and hence living in modern societies enforces us to employ this phenomenon more than ever. No one could believe that those big, heavy and low quality music players would be replaced by small, light and high quality digital music players? This particular example shows the tremendous increase of mass storages density, at the century of information, mass storage devices became abundant and everybody holds a huge amount of information in hand and move them as he walks.

Next 50 years is the scene of battle of technology owners to consume more resources and bring us more technological facilities to ease our life. Having integrated communication devices makes the world smaller than ever, every body can communicate with his/her family within a fraction of time, yet another question, does this small world make people closer when you can sit far away from your family and speak to them remotely? What does it mean when we say to our friend "see you soon" or "be in touch"? In my point of view technology can be a strong wall with a small window between individuals. Today is the time of thinking about what we have lost and what we are losing, we achieved a lot, still there is a long way but if we forget ourselves we might consume human being existence to produce technological innovations.

From a positive point of view, we can expect upcoming innovations helping us to think and see our surroundings better than before, exploring further areas in space, recovering our consumed resources by out sourcing from other planets.

Today, technology is the most important part of our life; we can not eliminate it as it's growing as human being grows, it continues and we expect more and more innovations as result of technology progress. To believe or not, we will use this phenomenon in all aspects of our life.

Author: Mohammad Ali Sarbanha
Editor: Mrs. F. Nezami
 posted by Mohammad Ali  # 3:50 PM


Thursday, September 15, 2005  
Using NetMeeting to share your Desktop
 
NetMeeting, like any other Client-Server technologies, need two different types of configuration to share your home desktop to be accessed from remote.
At Server side you need to configure NetMeeting to host your connection session, after configuring the server side you will have a service running on your system waiting for remote connections, for the client side you don’t need to do very specific settings.

Read full story.
 posted by Mohammad Ali  # 1:16 PM

Archives

September 2004   October 2004   November 2004   December 2004   January 2005   March 2005   April 2005   May 2005   July 2005   September 2005   December 2005   October 2006   November 2006   December 2006   January 2007  

This page is powered by Blogger. Isn't yours?



Copyright@2004, All rights reserved.