My recent activities!

Crimes and P2P Networks

2007-01-10T14:42:00.000+03:30

P2P networks are intended to connect hosts that are connected to the Internet in order to interchange files directly, this method, technically, has a nice and smart idea behind it, but it takes the control away for authorities and digital content owners.

One of the most discussed cases of P2P crimes is violation of intellectual properties rights, books, multimedia and software are subjects of this type of crimes. With a P2P network, one can search and find other peers that have or pretend having files that he or she needs. Searching the net reveals that there are many cases versus P2P companies and developers, such as GRANT T. STANLEY [CyberCrime.gov, 2006].

Distributing malware, viruses, worms and exploits are other important issues which its complexity is completely different from intellectual property issues. Computer literates know that downloading files might contain malwares that can not be recognized by security software. Malwares might be buried under a bulk of installation files of the real software and a forged setup file might release the malware.
I tried to search for a specific software, I found many files with the same identification but different sizes! Therefore, you can easily deduct that at least one of them carries the malware.

Another type of such criminal activity is expediting the distribution of paparazzi contents, few months ago very private films of one of the famous actresses in Iran had been distributed over the net through P2P systems, this caused a law suite against the perpetrator and he is sentenced to be executed!

Although there is no control over P2P services like eMule which is fully distributed over the internet with no central managing organization, there must be precautionary measures to be taken into account to reduce the chance of criminal activities; in P2P systems there are huge amounts of files and transmission stream which can not be logged centrally, file fragments might be downloaded from a multitude of other nodes, so this makes it quite difficult to rely on log files while investigating a case. Therefore, live capture of network traffic and cooperation of ISP is also required. Moreover, it might be possible to fake a client in order to communicate with that person in order to make the criminal busy and at the same time police can take an action and capture the perpetrator at the time that the crime happens.

A challenging part of the investigation is that the digital information can not be reconstructed in the way that can be used in the court room. Therefore, investigators should be able to collect enough data to establish strong incriminating evidence.

Another important part of investigation that should be considered is that ISPs should cooperate in this investigation, they might ask for any official documents such as warrants that allow investigators to investigate network or capture required network traffic silently.

Depending on case conditions, investigators might need to travel abroad or ask very remote ISPs to cooperate with them, they would obviously need network investigation warrants from the ISP’s local jurisdiction. As we have discussed this week, we might not be able to get required warrants from some countries, they might not cooperate in investigation, therefore, we might not be able to reach perpetrator at all.

According to my researches, most of the P2P cases were followed by prosecution of the P2P developers or companies. Many P2P companies and individuals are sentenced because of their law-breaking innovations! Napster, bitTorrent, Kazaa and many others.

I believe a standardized P2P can solve the problem when it’s being supported by controlling mechanisms in order to allow each ISP watching the P2P network traffics, analyze the traffic easily and warn its client if the content is not allowed to be transferred. Well, one might argue that we can not recognize and analyze all traffic of the network; nonetheless, I think we can develop new mechanisms of digital content sharing that the delivered content can be watermarked in such way that detective software can distinguish between legal and illegal files and notify the administrators of the ISP.

REFERENCES:

Cybercrime.gov (2006) ‘Wise, Virginia Man Sentenced in Peer-to-Peer Piracy Crackdown’ [Internet] Available at: http://www.cybercrime.gov/stanleySent.htm (Accessed: 2007-01-10)

Fred von Lohmann (2006) ‘IAAL*: What Peer-to-Peer Developers Need to Know about Copyright Law’ Electronic Frontier Foundation, fred@eff.org, v. 5.0, January 2006 [Intrnet] Available at: http://www.eff.org/IP/P2P/p2p_copyright_wp.php (Accessed: 2007-01-10)

Thomas Mennecke (2006) ‘Case Against Patti Santangelo Dropped’ [Internet] Available at: http://www.slyck.com/story1364.html (Accessed: 2007-01-10)

Kristyn Maslog-Levis (2005) ‘Aussie BitTorrent case to test Aust-US FTA’, ZDNet Australia [Internet] Available at: http://www.bilaterals.org/article.php3?id_article=1457 (Accessed: 2007-01-10)

BBC.CO.UK (2005) ‘Kazaa hit by file-sharing ruling’ [Internet] Available at: http://news.bbc.co.uk/1/hi/technology/4214810.stm (Accessed: 2007-01-10)

BBC.CO.UK (2005) ‘Judge backs case against Kazaa’ [Internet] Available at: http://news.bbc.co.uk/1/hi/entertainment/music/2514153.stm (Accessed: 2007-01-10)

BBC.CO.UK (2005) ‘BitTorrent user guilty of piracy’ [Internet] Available at: http://news.bbc.co.uk/2/hi/technology/4374222.stm (Accessed: 2007-01-10)

Napster Cases, http://www.eff.org/IP/P2P/Napster/ (Accessed: 2007-01-10)

MGM v. Grokster, http://www.eff.org/IP/P2P/MGM_v_Grokster/ (Accessed: 2007-01-10)

Napster Cases, http://www.riaa.com/News/filings/napster.asp (Accessed: 2007-01-10)

Note: This article is prepared for the University of Liverpool.

Email information leakage investigation

2007-01-03T14:32:00.000+03:30

Precautionary actions:

In order to prevent more information leakage, all incoming e-mails are forwarded to a temporary alias e-mail address. Afterward, one of the IT personnel is assigned to feed the mailbox with fake and unreal information that look real by which we can keep the criminal watching the mailbox.

Digital evidence collection/reduction and collection:

In this phase, all SMTP connections for mail relay, POP, IMAP and web connections that try to access this specific mail box should be recorded and logged, since we can not distinguish between different mailboxes while TCP connections are being intercepted, we need to recover contents of all TCP packets coming and leaving the mail server, after information recovery, we need to filter unwanted data and keep the necessary data.

In order to intercept the packets we can use Ethereal in bottleneck of the network or on the mail server itself. Ethereal has a very nice tool that can reconstruct the fragmented TCP packet from captured network packets. However, we may need NetIntercept software that can deal with mime contents.

After all, we need to identify the offender, what we have at hand is the model and the time that the offender tries to intrude. The time might reveal the time zone of the place that he lives and leads us to the relevant public IP addresses databases, such as arin.net and ripe.net, checking the IP address leads us to the geographical location of the person who performs such illegal activity. If the IP addresses have not been registered by its owner, we need to begin from the upper layers until we get to some results.

After finding the originating IP address of offender, we need to investigate the ISP log files to find out any clues. And collect evidential data from the servers, as we have discussed this week, the administrator of that ISP should be cooperative and we may need relevant warrants in order to be able to reach server logs.

In case of unavailability of server log files, since we know the ISP, we can install our equipment over there (We might need warrant for this as well) intercept the network traffic and collect necessary data and recover the communication content.

As soon as we receive any traffic towards our mail server, we would try to retrieve the phone number of that ISP subscriber who’s committing such a criminal activity.

After all, we should have the following items,

Traffic logs and analysis of our mail server
Modus Operandi (MO) of the offender and studying the times that he has time to begin his attack
The IP address and the network name that the offender use to commit the crime.
Log files and all other evidences of the ISP of the offender.
Physical address of the offender
Accompanying documents that compose the chain of custody

Although we have all these evidences, we might need to capture the offender at the time of committing the crime and it depends on the law and regulations of the jurisdiction.

We might also need to investigate his place in order to seize any potential evidence that can prove this case or other similar offences committed by this person. To search his place, we obviously need to have relevant permissions and warrants.

In parallel to this, we need to have an open lawsuit against our potential criminal; hence we can commence the trial as soon as we arrest the offender.

REFERENCES:

Eoghan, C. (2004) Digital Evidence and Computer Crime, Second Edition, Academic Press, ISBN-10: 0-12-163104-4

Wang, D. (2006) 'Computer Forensics: Seminar for Week 6: Network Forensics I ' [Embanet] Available at: MASSHR-CF-061123-01 Sem 6 (Accessed: December 31st, 2006)

Note: This article is prepared for the University of Liverpool.

Useful foundstone tools

2006-12-12T13:50:00.003+03:30

Dump Firefox AutoComplete Data:

This program is used to dump all stored forms in FireFox browser, I am used to work with FireFox and usually keep non-important in form auto complete database of the FireFox. Besides, it sometimes, keeps the search engine forms, this might be used in cases which we need to know if the suspect searched for a specific topic, and this might give us some clues about it.

I found some interesting information from my AutoComplete data, I partially collect them and described them below:

<field name="Subj">
<saved> Hi peter </saved>
<saved>Fwd: Ploter-Role-Paper</saved>
<saved>Fwd: Price-List</saved>
<saved>Fwd: Re: Hi</saved>
<saved>Fwd: liste gheymate khaghaz plotter roli......</saved>
<saved>Re: Anti-Spam Features</saved>
<saved>Re: Anti-Spam Features Follow-up</saved>
<saved>Re: Re: Anti-Spam Features</saved>
<saved>az tarafe man !!!</saved>
<saved>nice to hear from you :-</saved>
<saved>test</saved>
</field>

As you can see, subjects of e-mails that I have sent so far are stored within this XML code, besides, if I know which webmail system uses “Subj” as name of the text field, I might be able to know the user name and e-mail address!

Take a look at this one:

<field name="user">
<saved>sarbanha</saved>
</field>
<field name="user.email">
<saved>.....@yahoo.com</saved>
</field>

As you can see, texts in red may reveal some fact about my yahoo mail user ID and e-mail address that should be studied and searched.

Search boxes contain much of information about the criminal, collecting this information would be useful to reveal the area of interest of criminal. Look at the following sample:

<field name="searchbar-history">
<saved>('E4'/</saved>
<saved>('E4'1</saved>
<saved>*BHE ED'/ (G 4E3</saved>
<saved>007 Key logger</saved>
<saved>4GL programming languages</saved>
<saved>AD*1 4F </saved>
<saved>Academic Press</saved>
<saved>Access, Internet, and Public Libraries filetype:pdf</saved>
<saved>Active Code Review</saved>
<saved>Avaro</saved>
<saved>Axis 211 Outdoor 290B BDL</saved>
<saved>Bare Bones language</saved>
<saved>Campus networking solutions</saved>
<saved>Cisco Virtual interface</saved>
<saved>Cisco Virtual interfce</saved>
<saved>City Facilities</saved>
<saved>Collin</saved>
<saved>Computer Forensics Laboratory Personnel</saved>
<saved>DOI 10.1109/MS.2002.1003455 </saved>
<saved>DWL-3200ap</saved>
<saved>David Wang</saved>
<saved>Dell 5100c</saved>
<saved>Developers and testers relationship</saved>
<saved>Digital Evidence and computer Crime</saved>
<saved>Digital Object Identifier 10.1109/CCECE.2005.1557152 </saved>
<saved>Dubai Hotels</saved>
<saved>Ethernet checksum error</saved>
<saved>Exensys mail server</saved>
<saved>Factbook 2006</saved>
<saved>Fiber Optic</saved>
<saved>Fiber Optic Solutions</saved>
<saved>Forensic Labratory Equipments</saved>
<saved>Forensic compression</saved>
<saved>Forensic compresstion </saved>
<saved>French quotes</saved>
<saved>How can I forward traffic from Cisco to another host </saved>
<saved>How to prevent windows to show last login user</saved>
<saved>Integrated cable MAN network</saved>
<saved>Java Array of class</saved>
<saved>Key Logger</saved>
<saved>Loading Tcp Mib library error</saved>
<saved>MS IAS</saved>
<saved>MS Windows SMB</saved>
<saved>Mail Server appliance</saved>
<saved>Mc Afee antivirus solutions</saved>
<saved>Netmeeting ports</saved>
<saved>Network Attached Server</saved>
<saved>Network Attached Storage </saved>
<saved>Online traffic control system </saved>
<saved>Outdoor Internet Camera</saved>
<saved>Panasonic 1232</saved>
<saved>Panasonic D1232</saved>
<saved>Panasonic KX-T7720</saved>
<saved>Performa Invoice</saved>
<saved>Prolific technology inc</saved>
<saved>Shared excell workbook</saved>
<saved>Tcp Mib</saved>
<saved>Technical Review procedures</saved>
<saved>Web page HTML picture opacity </saved>
<saved>What is outsourcing</saved>
<saved>What is software usability </saved>
<saved>Where is Windows Virtual Memory File</saved>
<saved>Windows 2k3 price list</saved>
<saved>alles kondeh</saved>
<saved>computer forensics and countries law</saved>
<saved>computer forensics companies products and services</saved>
<saved>countries top searches</saved>
<saved>defnce attorny evidence</saved>
<saved>differences between prpject management and project manager</saved>
<saved>eclipse</saved>
<saved>ethereal</saved>
<saved>ethical issues of criminal activities</saved>
<saved>forensics tools and software</saved>
<saved>free key logger</saved>
<saved>guten appetit</saved>
<saved>hard disk low level storage magnetic mechanism </saved>
<saved>hercules five myths</saved>
<saved>how to use test packages in NetBeans</saved>
<saved>magnetic flow</saved>
<saved>miriam webster</saved>
<saved>ndictionary</saved>
<saved>network interception using Cisco routers</saved>
<saved>open dictionary </saved>
<saved>sarbanha</saved>
<saved>uBR7200</saved>
<saved>waterfall development</saved>
<saved>what is chain of custody</saved>
<saved>wish you a merry cristmas</saved>
</field>

As you can see, there are lots of computer technical queries which are sent to search engines, this can reveal that the user either is interested in computer science or is an IT professional. Besides, he was looking for David Wang on the net, so there must be connection between these two people, moreover, the suspect searched for key logger which is illegal in most countries! Therefore, one might deduct that the suspect is an expert and he was looking for key logger software may be for a personal ID or information theft.

Rifiuti - A Recycle Bin Forensic Analysis Tool:
This is another software that I thought is important, it helps investigators to find out if a removed file were originally located at the place that the suspect claim, it might be useful to reveal any possible connection between the committed crime and the time of file deletion.

Forensic Toolkit:
This toolkit contains few other small tools that help to reveal valuable information about the files and other system information. One of them that I found it useful was FileStat.exe, by this program, we can find out too many detailed information about a specific file, let’s take a look at a sample output,

SD revision is 1 == SECURITY_DESCRIPTOR_REVISION1
SD's Owner is Not NULL
SD's Owner-Defaulted flag is FALSE
SID = THINKJAMMER/Mohammad Ali   S-1-5-21--995922081--242068703-823878108-1005
SD's Group-Defaulted flag is FALSE
SID = THINKJAMMER/None   S-1-5-21--995922081--242068703-823878108-513
SD's DACL is Present
SD's DACL-Defaulted flag is FALSE
  ACL has 3 ACE(s), 88 bytes used, 0 bytes free
  ACL revision is 2 == ACL_REVISION2
SID = THINKJAMMER/Mohammad Ali   S-1-5-21--995922081--242068703-823878108-1005
  ACE 0 is an ACCESS_ALLOWED_ACE_TYPE
  ACE 0 size = 36
  ACE 0 flags = 0x00
  ACE 0 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN
SID = NT AUTHORITY/SYSTEM   S-1-5-18
  ACE 1 is an ACCESS_ALLOWED_ACE_TYPE
  ACE 1 size = 20
  ACE 1 flags = 0x00
  ACE 1 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN
SID = BUILTIN/Administrators   S-1-5-32-544
  ACE 2 is an ACCESS_ALLOWED_ACE_TYPE
  ACE 2 size = 24
  ACE 2 flags = 0x00
  ACE 2 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN
SD's SACL is Not Present
Stream 1:
Type: Security
Stream name =  Size: 164

Stream 2:
Type: Data
Stream name =  Size: 5087

Stream 3:
Type: Unknown
Stream name =  Size: 64

As you can see, it shows the user access properties of a file; this might be used to check if it’s possible for a particular user to perform any action. For example, the user Mohammad Ali can Read, Write, Execute, Delete and even change the permissions and taking the ownership of it. (This can be learnt from ACE 0 mask = 0x001f01ff -R -W -X -D -DEL_CHILD -CHANGE_PERMS -TAKE_OWN).

It also reveals the ownership of the file. Well, one might argue that this feature is available by windows itself, but the main advantage of this program is ability of retrieving and extracting information to the standard output by which we can store this information into another text file or print it.

Note: This article is prepared for the University of Liverpool.

Compression tools used in forensics

2006-12-12T13:40:00.000+03:30

The size of information collected from disk might be big enough to not fit within our media during seizure of information. Therefore we need to compress the information in the way that the decompressed information would be identical to the original.

A variety of compression algorithms implemented each of which has its own cons and pros, to answer the question, I’d like to categorize compression methods two lossless and lossy methods.

With lossless methods the exact copy of the information can be retrieved from the compresses file. Software such as WinZip, PKZIP, gzip, bzip2, ARC, RAR, WinRAR and many others are of such programs.

Lossy methods are usually used to preserve network or storage resources. There are many types of information that can be compressed in this way, for instance, images are always stored in a compressed format, Videos, Audios and streamed information like VoIP communications; all of them are compressed with lossy compression algorithms; the idea behind lossy compression was mainly because of storing and transmitting those types of media contents that their details are not fully recognizable by our senses, for example, a GSM mobile network uses 9600bps to transmit the voice content, which is enough to completely recognize the speech while speaking over the cell phone, it preserves the network capacity while makes an acceptable quality of service. Algorithms like DivX, JPEG, MPEG, MP3, WMA and GSM Codecs are all samples of different compression methods.

The need of compression of the digital evidence is not just because of saving storage space, in some cases, it’s necessary to transmit the content to the laboratory or courtroom over the net to be used in time; therefore, compression method used for this purpose should be capable of preserving the original information as a bit-per-bit copy of the original data.

Note: This article is prepared for the University of Liverpool.

Companies specializing in computer forensics software or services

2006-11-26T01:01:00.003+03:30

There are two types of companies in computer forensics field, first, those who are producing software and hardware tools, second, those who provide services. Nonetheless, there are other companies that they produce tools but they have their own team to handle digital evidence collect information from digital/computer systems.

I found three companies that provide various services, so I couldn’t produce tabular comparison, they nonetheless work in forensics field, and this is common between them.

X-Ways Software Technology AG¹, this company produce a software named WinHex which is specialized tool for analyzing and working with raw information within memory or hard disk. Besides many technical features, it’s empowered by some forensics tools and extra features that can help forensics examiners to extract information from a digital media, such as files, disks or memory of the computers.

Here are some of the WinHex features that can be used for forensics examination:

Disk Editor, File Editor, RAM Editor
Directory Browser for FAT, NTFS, Ext2/Ext3, ReiserFS, CDFS/ISO9660, UDF
Disk Cloning/Disk Imaging under DOS and Windows
Data Recovery
Partition Recovery/Boot Record Recovery
Hard Drive Cleansing/Disk wiping
File Slack Capturing
Unused Space Capturing
Inter-Partition Space Capturing
Text Capturing
Disk Catalog Creation
Media Details Report
Interpret Image As Disk
Data Interpreter
Data Analysis
Binary/Text Search
Bate-Numbering Files
Checksum calculation with CRC16, CRC32, MD5, SHA-1, SHA-256, PSCHF

The second company that I have found, Computer Forensic Services (CFS)², provides services, this company doesn’t produce any product, but they have their own software and hardware tools in order to provide their services.

Their services cover requirements of a wide range of customers, individuals, corporations, law firms, regulatory bodies and courts. Their main services are as follows:

Electronic Data Discovery (EDD), they extract and collect useful information for judgment.
Complete Forensic Investigation Service
Incident Response and Forensics, they help organizations to identify vulnerabilities and help them to be prepared for incidents, they also consult during incidents.
Forensic Processing of Computer Evidence, by this service they process and investigate information for forensic purposes.

They also made this point that they don’t conduct Criminal Defense services. From this, I thought that there might be people who conduct such services for criminals!

The last company I came across is also called “Computer Forensic Services”³, it provides the following services:

Electronic Discovery, which is collection, preservation, recovery, analysis and preparation of information that originally stored on electronic media.
Computer forensics, Computer forensics is the scientific process of capturing (imaging) and analyzing information stored in any electronic format, for the purpose of investigating allegations, to find the truth, with no predisposition as to the outcome.
Information Security, CFS provides a full range of information security services, including Assessment/Discover, Build/Development, Monitoring.
Litigation Support, after evidence preparation, the company will support its customer to prepare the case to provide it to court, and consult throughout any incident.
Law Enforcement support, the company provides training and support for law enforcement community.
Electronic Countermeasures, consulting to improve digital security and helps to collect necessary information that can be used against criminals in court.

All of the companies that I have found, try to discover and analyze the information that can be used for trial as digital evidences. Each of which supports their clients in order to produce acceptable and provable evidence in court. Therefore, processing the collected information can be done with themselves.

REFERENCES:

[1] X-Ways Software Technology AG, http://www.x-ways.net/ , (Accessed Nov. 29th,2006)

[2] Computer Forensic Services (CFS), http://www.computer-forensic.com/ , (Accessed Nov. 29th,2006)

[3] Computer Forensic Services, http://www.compforensics.com/ , (Accessed Nov. 29th,2006)

Note: This article is prepared for university of Liverpool.

Properties of JDK which could be verified or validated

2006-10-04T15:37:00.018+03:30

Verification proves that a product meets all requirements that have been specified during the previous activities and these activities are carried out correctly, whereas validation is concerned about meeting the user’s requirements [Lewis, 2005, p.7].

As we all know, JDK can be either verified or validated, because it’s delivered in two different ways, Sun provides JDK as a source code package as well as compiled version. Therefore customer can go through the source code and investigate software flaws (if there is any). I’d like to highlight few properties by which we can verify or validate this software. The table below listed some of the properties that I want to discuss them.


        Property                      Verify     Validate
-------------------------------------------------------------
Source Code Documentation               X
Software portability                    X
Error Handling                          X            X
Objects and Functions Integrity         X            X
Code Efficiency                         X
Usability                                            X
User Friendliness                                    X
Software Documentation                               X

Source Code Documentation is the process that continually should be maintained during the software development; otherwise as the program grows it becomes unmanageable when there is not adequate code documentation. I believe this is the property which should be verified throughout entire process of software development. If we look through Java Source code we would find many documented codes throughout source codes. Of course it can be observed by end user, since the code is freely available but this code documentation has been done during development.

Let’s take a look at a piece of code that accompanies JDK compiled version.


/*
* Structures to define packet layout.
*
* See: http://java.sun.com/j2se/1.5/docs/guide/jpda/jdwp-spec.html
*/

enum {
JDWPTRANSPORT_FLAGS_NONE     = 0x0,
JDWPTRANSPORT_FLAGS_REPLY    = 0x80
};

typedef struct {
jint len;
jint id;
jbyte flags;
jbyte cmdSet;
* Source code is copied from a JDK Include file.

The highlighted part of the code is an HTML which describes this part of the code and can be delivered to the end user, obviously correctness of it can not be validated because the producer should provide this information to the customer, but it can be verified by producer.

Software Portability is one of the concerns of Java developers and Sun Microsystems; they claim that their product creates a virtual environment which can be executed on a vast variety of platforms, which means platform independency. Sun could get to this point that the major platforms support Java, since Sun doesn’t allow any other bodies to redistribute its product nobody can port the latest version of Sun Java to another platforms, FreeBSD and OpenBSD suffering from these kinds of restrictions, though there are some improvements in this area and old releases of Java has been ported to FreeBSD but I myself couldn’t get a considerable result from them, they do not support full Java features.

Error Handling is one of the most important features that software must have, dealing with internal errors as well as user errors, graceful internal error handling should be considered during software development; therefore, any internal errors that happens for any reason must be handled in the way that can be traced and corrected. JDK developers should consider error handling and verify it to generate acceptable error messages that lead the user to the failure point. In another hand, the user should be able to receive adequate and understandable error messages when he uses this product which falls into validation process.

Objects and Functions Integrity should be controlled, verified and validated during development process and after it, a failure in a mathematical function would lead to a catastrophe, or maybe a security function if it doesn’t perform correctly in a certain circumstances would make the software useless. So this can be verified throughout and after development process.

Code Efficiency purely needs verification, continuous changes of codes and program units is to reach to an efficient piece of code with less complexity and higher performance, this can not be validated as a Code Efficiency verification, but the user may run a benchmarking test to measure the performance and validate the product.

Usability of the software is a quality property by which we determine how a user can use this software with less difficulty and get benefit of this product, Wikipedia has a good definition for Software Usability, “Usability is a term used to denote the ease with which people can employ a particular tool or other human-made object in order to achieve a particular goal. Usability can also refer to the methods of measuring usability and the study of the principles behind an object's perceived efficiency or elegance.” [Wikipedia.org] This should be validated by user.

User Friendliness is considered as a factor of user satisfactory, ease of use along with logical combination of tools and utilities. Friendliness of JDK is a subject of many controversies, it’s easy to develop a software but standard development and debugging tools were not fast enough and there was not integrated software development tool for it until Forte for Java, SunOne Studio and NetBeans evolved to this point that I believe they have put a great effort to provide such complex tools. Honestly, I believe they are still slow in compare to other competitors.

Software Documentation which is the most important factor of quality has been done in a very nice and user friendly format, JavaDoc which is initially used for internal JDK documentation is turned to a tool for Java developers, almost all of methods and objects are clearly discussed and covered in Java documentation and available when it’s delivered to the end user. Although Software Documentation can be validated during product generation process, it’s intended to provide adequate information to end users in order to get benefit of the delivered software. So I think this is users right to validate the Software Documentation conformance to the delivered product.

In this article, some of properties can be either validated or verified, like Software Documentation with slight changes or Error Handling as I mentioned above.
User Friendliness, for example, is a quality property which can be measured when a user works with the software, but it’s also possible to employ apply psychology, ergonomics and few other facts to formulate the User Friendliness of software, in this way, the delivered product corresponds to the user requirements.

REFERENCES:

Lewis, W.E. (2005) Software Testing and Continuous Quality Improvement, Second Edition, Auerbach Publication, USA, ISBN: 0-8493-2524-2

Livadas, L. (2006) 'Management of QA and Software Testing, Seminar for Week 1: Overview of Quality Assurance Techniques' [Embanet] Available at: MASSHR-QA-060928-01 Sem 1 (Accessed: 30 Sep. 2006)

Wikipedia.org (2006) ‘Usability’ [Internet] Available at: http://en.wikipedia.org/wiki/Software_usability (Accessed: October 4th, 2006)

Note: This article is prepared for the University of Liverpool.

The technology in next 50 years

2005-12-29T15:50:00.001+03:30

We all know that the technology is strongly tightened with our lives; if we look around we can easily find technology footprints. We are surrounded by technology, we are borne with technology and live with technology. It's been long time that this phenomenon is penetrated to any aspect of our life.

As a proof we can refer to UNESCO reports and announcements that define literate individuals as people who are able to program computers. This implies the fact that we need to employ technology in order to find ourselves as a member of a modern society.

This is the beginning, technology growth will never stop, and hence living in modern societies enforces us to employ this phenomenon more than ever. No one could believe that those big, heavy and low quality music players would be replaced by small, light and high quality digital music players? This particular example shows the tremendous increase of mass storages density, at the century of information, mass storage devices became abundant and everybody holds a huge amount of information in hand and move them as he walks.

Next 50 years is the scene of battle of technology owners to consume more resources and bring us more technological facilities to ease our life. Having integrated communication devices makes the world smaller than ever, every body can communicate with his/her family within a fraction of time, yet another question, does this small world make people closer when you can sit far away from your family and speak to them remotely? What does it mean when we say to our friend "see you soon" or "be in touch"? In my point of view technology can be a strong wall with a small window between individuals. Today is the time of thinking about what we have lost and what we are losing, we achieved a lot, still there is a long way but if we forget ourselves we might consume human being existence to produce technological innovations.

From a positive point of view, we can expect upcoming innovations helping us to think and see our surroundings better than before, exploring further areas in space, recovering our consumed resources by out sourcing from other planets.

Today, technology is the most important part of our life; we can not eliminate it as it's growing as human being grows, it continues and we expect more and more innovations as result of technology progress. To believe or not, we will use this phenomenon in all aspects of our life.

Author: Mohammad Ali Sarbanha
Editor: Mrs. F. Nezami

Using NetMeeting to share your Desktop

2005-09-15T13:16:00.000+04:30

NetMeeting, like any other Client-Server technologies, need two different types of configuration to share your home desktop to be accessed from remote.
At Server side you need to configure NetMeeting to host your connection session, after configuring the server side you will have a service running on your system waiting for remote connections, for the client side you don’t need to do very specific settings.

Read full story.

Loading Cisco IOS from ROMMON...

2005-07-02T18:26:00.000+04:30

Few days ago when I reloaded my Cisco 3725, it didn't come up, I tried many times, I found that it can not be the IOS problem, though it could't be found by the router, I finally recovered that problem, my Cisco Instructor, Charles, gave me useful hints to fix my problem.
Here I want to tell you about useful commands in ROMMON mode which help you to run your IOS from flash: memory, dir and boot , see the examples below:

rommon2> dir flash:
File size Checksum File name
5358032 bytes (0x51c1d0) 0x7b16 c2600-i-mz.122-10b.bin
rommon3> boot flash:c2600-i-mz.122-10b.bin

You can find more information about those commands in here.
http://www.cisco.com/warp/public/130/recovery_c2600.html

Free Sony-Ericsson Theme for T68i

2005-07-02T17:51:00.000+04:30

Today I made a theme for my T68i cell phone, I decided to put it on my website as a gift to my website visitors, below you can see theme sample, if you like it you can download it to your cell phone.

NOTE: I tested this theme on my cell phone but I do not take responsibility of any kind of malfunctioning or damages on your cell phone regarding to use of this theme.

>>>Click here to download Theme<<<

Loading Cisco IOS using TFTPDNLD !

2005-05-14T14:18:00.000+04:30

Suppose you lost your Cisco flash memory and you need to download a new IOS using ROMmon mode, my Friend Ahmed Magdy who is my Cisco instructor as well, gave me the following instructions.

Step 1:
Put your TFTP Server and Cisco router on a LAN segment. You should know TFTP Server IP address, IOS image name, Subnet mask of the network which your TFTP Server is connected to, and if your router is not connected to the same LAN of your TFTP Server you should use the gateway address as well.

Step 2:
Follow these commands,

rommon 1> IP_ADDRESS=10.1.1.110
rommon 2> IP_SUBNET_MASK=255.255.255.0
rommon 3> DEFAULT_GATEWAY=10.1.1.111
rommon 4> TFTP_SERVER=10.1.1.111
rommon 5> TFTP_FILE=c2600-jsx-mz.122-10a.bin
rommon 6> TFTP_VERBOSE=2
rommon 7> TFTP_CHECKSUM=0
rommon 7> tftpdnld

IP_ADDRESS: 10.1.1.3
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 10.1.1.3
TFTP_SERVER: 10.1.1.3
TFTP_FILE: c2600-js-mz.120-8.bin

Try to memorize, this is a useful comment for a network expert....
You can check following links as well,
http://www.cisco.com/warp/public/471/76.html
http://www.cisco.com/warp/public/471/76.pdf

BSCI means Building Scalable Cisco Internetworks

2005-04-03T15:15:00.000+04:30

One of my favourite things that I really like by heart is to learn and learn and learn..... last month I attended in BSCI course and learned lots of new things and experienced a lot. Of course my instructor Charles helped me too much and I really appreciate him because of all of his efforts that put to help me learn whatever I didn't know.

Thanks Charles....

3Com Switch Password Recovery

2005-03-16T09:12:00.000+03:30

Today I tried to find how I can recover a lost password of 3Com Manageable Switch for my further reference, we use 3Com Manageable SuperStack3 Model:3250, you can try this procedure with the other models it might work.

Follow these steps to recover the password:
1. Connect your PC serial port to console port of your device, use Hyper Terminal as a dumb terminal with these communication settings, 8-N-1, Flow Control = Hardware, baud rate = 19200.
2. To force device to go to password recovery mode enter recover for both login and password.
3. Device goes to the recovery mode and it shows counting down for 30 seconds, during this period you should turn of your device and turn it on.

Note: GIVE AT LEAST 15 SECONDS TO THE DEVICE BEFORE TURNING IT ON

4. After starting up, the device asks you for a new admin password.

Enjoy it!

Google Search Language Setting

2005-01-30T08:15:00.000+03:30

Since I use Google search in my website, I had a small problem with its results. Google normally checks your IP address, regional settings and cookies then return results in your language if its possible. In my case I got different languages in different browsers, when you create search profile in Google control panel, it does not provide any feature to set the search result language.
To solve this, when you search normally through Google website, look through the query string showing in your address bar, a parameter named hl holds language name of the result, if you change its value like this hl=fa you will receive search result in Persian, and en is for English.
For your website you need to add this inside Google search form for English language:

<input type="hidden" value="en" name="hl">

For other languages, at this time, Goggle supports these languages:

Persian=fa, Arabic=ar, English=en, Indonesian=id, Romanian=ro, Bulgarian=bg, Estonian=es, Italian=it, Russian=ru, Catalan=ca, Finnish=fi, Japanese=ja, Serbian=sr, Chinese (Simplified)=zh-CH, French=fr, Korean=ko, Slovak=sk, Chinese (Traditional)=zh-TW, German=de, Latvian=lv, Slovenian=sl, Croatian=hr, Greek=el, Lithuanian=lt, Spanish=es, Czech=cs, Hebrew=iw, Norwegian=no, Swedish=sv, Danish=da, Hungarian=hu, Polish=pl, Turkish=tr, Icelandic=is, Portuguese (Brazil)=pt-BR, Portuguese (Portugal)=pt-PT

Other Languages may be supported, if your language is not listed above you should check at Google website.

Picas2 Category Password Recovery....

2005-01-25T11:58:00.000+03:30

When I was trying Picasa2 features I found that it can protect specific categories by password, I set a password, after a while I forgot it!!!! I tried google to find password recovery for Picasa2, but there was nothing on the web, to be honest, I didn't search too much because I was almost sure that I can solve it ;-)
Anyway, This might help you to recover your Picasa2 category password.

1. Open this folder on your computer:
[localUsernameProfile]\Local Settings\Application Data\Google\Picasa2\db
2. Remove (Or Rename) this file: catdata_info.pmp
3. Open Picasa2
4. Change the password of that category
5. Exit from Picasa2

After that you will find another catdata_info.pmp in that folder

Have Fun!!

Hello and Picasa2 are good softwares!

2005-01-25T11:45:00.000+03:30

Today I found these two softwares very useful to manage my pictures and share them with my friends, I installed both of them, at first glance they look very strange but easy to understand, after you start working with them you will find that their dictionary is completely different from other common softwares, I think they will add some new words to our Computer/Internet vocabulary, these two softwares are other inventions of Google and I think they can be more common for home users.
Picasa manages your pictures and Hello lets you communicate with other Hello users and share your pictures, when you chat with your friends try some smilies, they are funny I tried ':)' ':(' 'XO' 'LOL' , you may find more!
Picasa and Hello work together, it means when you receive a picture from your friends on Hello you can have it in you Picasa as well, even you can have chatting archive.

You can find them from here:

Picasa: http://www.picasa.com/
Hello: http://www.hello.com/

GAG! The Graphical Boot Manager.

2005-01-12T11:53:00.000+03:30

I was looking for a simple and easy to user/install software to use it as multiboot manager on my laptop. I googled and found a very simple boot manager, it's just a free software which you can download it from http://gag.sourceforge.net/download.html , then you just need to make a floppy and ...... Okay.. When you download the zip file, read install.txt to find out how to deploy this small software.
About the features I just copied following information:

Allows boot of up to 9 different operating systems.

It can boot operating systems installed in primary and extended partitions on any available hard disk.

Can be installed from nearly all operating systems.

GAG doesn't need its own partition. It installs itself in the first track of the hard disk, which is reserved for these kinds of programs. It can also be installed on a floppy disk, without using the hard disk.

It has a timer to boot a default operating system (selectable by the user).

The configuration menu can be protected with a password.

The program works in graphic mode (needs a VGA or better graphic card), and has a lot of icons.

Hides the primary partitions which allows the user to have installed more than one DOS and/or Windows in the same hard disk.

Allows a password to be put on each operating system, denying access to non-authorized people.

Allows the boot manager text to be translated to all languages.

Can exchange disk drives, allowing to boot from the second, third... Hard disk operating systems such as MS-DOS.

Has the SafeBoot system, that allows to boot your hard disk even if GAG is accidentally overwrited.

Supports a great variety of keyboards (QWERTY, AZERTY, QWERTZ and DVORAK keyboards).

Fully support for hard disks up to 4 terabytes (4096 gigabytes).

Full version and free software (distributed under GPL license, with source code)

..... Enjoy it!

Mozilla Firefox is amazing!

2005-01-09T16:32:00.000+03:30

I'm really excited since I ran Mozilla Firefox 1.0 on my PC for the first time, I found Internet Explorer features and Mozilla security in Firefox. Specially I found it very quick and tiny!
One of the most important features that other well known softwares does not support in a good manner is Site Feed Handling. With Firefox you will be informed if the website you are visiting has Site Feed.
Firefox sister is Thunderbird, which is a powerful mail client, I like it. It handles Site Feeds like e-mails so you can be more comfortable with this part of it.
The most important part of an e-mail client is to be able to work with large files, I didn't check this software with lots of e-mails, if Mozilla programmers haven't check this before, your huge amount of e-mails might overwhelm the software's normal activity!
My suggestion is to backup your e-mails occasionally and don't let your mail directory become too big.
Two things are useful to be added when Mozilla programmers revise the software. Ability of dragging and dropping e-mails from mailbox list in Thunderbird and copy them to a real folder on the hard drive with .eml extension, like outlook. This will help user to be able to make a clean back up of his/her e-mail.
Another thing, its good idea to add Tray Icon in software, so the user can hide Thunderbird's window and its button from Task bar and have the software running when user are doing other tasks.
I suggest you to use this software and enjoy browsing the net, if you are not windows users or you use different language you can use it either. Check Mozilla website to find more information.

http://www.mozilla.org/

Okay, my friend joined to the game!

2005-01-09T14:57:00.001+03:30

For people who knows farsi language they can use his blog to improve their knowledge about compiling FreeBSD Kernel.
http://j2ee-saleh.blogspot.com/2005/01/kernel-freebsd-freebsd-source-mount.html

I recoomend you to follow his blog...

How to use .htaccess files for APACHE HTTP Server

2005-01-07T19:57:00.000+03:30

If you have important information which you don't like to make them public, you can use .htaccess files to customize your directory. But you have to ask from your provider if they can provide you .htaccess file.
I post this memo because lots of people use shared hosting services because of their cheap prices, so if you are going to put important information on those type of hosts, asking about this feature will help you for your further website developments.

First of all you should have your passwd file to be uploaded on the server, or the hosting service provider should give you some tools to handle this file. After you create your passwd file you should put in a secure place that nobody can access it. of course you should be able to access it through FTP or webtools to handle users and passwords.

If your provider doesn't have these tools you can create password file yourself.
You need Apache Webserver to be installed on your computer you can find htpasswd.exe in [apache home]\bin directory. Using this command is so easy. If you run it without any parameter it will show you usage and parameters.
For instance you can use this command as follows:

c:\ApacheHome\bin> htpasswd -c users.pwd sarbanha
Automatically using MD5 format.
New password: ***********
Re-type new password: ***********
Adding password for user test

C:\ApacheHome\bin>

Now you have a file named users.pwd, later if you want to change the password you don't need to use -c parameter.
Okay, You already have a simple password file. Two other files are needed, one to secure a directory on webserver and the other one is to force HTTP Authentication for directory visitors.

Now make a directory on your host to store your password file, before uploading
your password you should be sure about its security.
Create a text file named .htaccess with the following content:

Deny from all

Then upload it to the directory which you created to put your password files. Try the directory it shouldn't allow you to view its content otherwise there are two possibilities, first you put your file in a wrong place or your provider does not let you use Limit tags like Deny or Allow in your .htaccess file, So you have to cunsult with your provider to provide you a secure directory and give you its full path so you can upload your password files there.

Okay, when you make sure that you have a secure place for password file you need to upload it there, you have to know its correct full path name otherwise your directory visitors can not be successfully authenticated.

Time to creare another .htaccess file which is our goal. Just to remind the subject we are doing this to secure a portion of a website, let say a sub directory of our website.
So, create a new .htpasswd file with the following content:

AuthType Basic
AuthName "Password Required"
#Chenge the the path to your password file in the next line
AuthUserFile /hosts/mywebsite/www/passwords/users.pwd
Require valid-user

Note that AuthName tag is only a prompt, you can change it to whatever you want.

Now if you upload this file into any directory, it needs HTTP Authentication and the visitor should enter a correct password to be able to visit that part of your site.

Thats it, if you have done this procedure correctly it should work.

Another small tip is, if your service provider does not let directory visitors to be able to read your password files or it has a special format or extention for password files you will need only one .htaccess file. I mean you don't need to creat a directory and secure it yourself. So you can omit the first .htaccess creation.

Is it Microsoft bug or SQUID cache server bug?!

2004-12-27T16:15:00.000+03:30

These days I received lots of complains from my network users about logging into HOTMAIL, I installed an squid cache server in the transparent mode and it was working fine.
I found out that when a user use IE6 and after logging into HOTMAIL.COM, instead of mailbox a blank page was appeared! But with Netscape 7.2 which I normally use, there is no problem!
After some work around the issue I found out that its because of header encoding which IE uses to place its requests.
Getting rid of this problem is very easy but the concept from SQUID Cache server point of view is, we have to anonymize headers to not to use encodings.

for SQUID version 2.5.STABLE7, use the following configuration in squid.conf:

header_access Accept-Encoding deny all

for SQUID Version 2.4.STABLE6

anonymize_headers deny Accept-Encoding

the second configuration may work for HOTMAIL, but check with GMAIL this might not working! its better to upgrade your SQUID if you have old version.

PF Firewalling small tip

2004-11-20T19:25:00.000+03:30

I was trying to block HTTP access of one of my users, I have a SQUID Cache server/Gateway in my network bottleneck and I just use one of Ethernet ports of that server just for catching HTTP connections and cache contents, I also installed a PF as Firewall. As you may know with PF is very easy to block any kind of access inbound or outbound, I used following command to not to let my user be able to initiate HTTP requests by editting /etc/pf.conf:

block in on bge0 proto tcp from 10.0.0.1 to any port 80

But I experienced a strange thing, the client was able to use HTTP, I also checked my SQIUID, all user queries were passing through SQUID proxy, the reason was because PF redirects packets before any kind of filtering!

IMPORTANT: PF redirects packets before any kind of filtering

So then, I edited /etc/pf.conf like this:

table { 10.0.0.0/8, !10.0.0.1 }
.
.
.
rdr on bge0 proto tcp from to any port 80 -> 127.0.0.1 port 3128
.
.
.
block in on bge0 proto tcp from 10.0.0.1 to any port 80

after configuration following commands reload the new configuration:

$pfctl -d -k localhost
$pfctl -e -f /etc/pf.conf

Now my user with a static 10.0.0.1 is not able to use HTTP, that was only a test! nobody want to limit HTTP access for a user!

Multiple Websites on a single Host

2004-10-05T18:08:00.000+03:30

Have you ever stopped how shared Hosting service providers put multiple websites with different domain names on a single host and single IP? They usually call it shared webhosting in contrast with dedicated servers, if you are curious to find out how it works read this PDF.

Multiple Websites on a sigle Host

Later, I will add some documents about Tomcat and Apache Webserver, though the concept is the same.

Web Hosting and Domain Registration

2004-10-05T16:54:00.000+03:30

Today I started my new business, now I am representative and reseller of a WebHosting company, I can offer you best prices, so send me an e-mail for details, be sure that you will find it cheaper than the other companies! Try it!
The Datacenter is based in Canada and Domains will be registered on tucows!

Here is my website

2004-09-21T09:08:00.000+03:30

These days I was busy with my website, I prepaired it using JSP/Java/Servlets and Net beans, but my provider still didn't send me information about the J2EE facilities of their hosting, I had to launch my website so I moved to PHP for first time.
PHP is like JSP but it doesn't compile to a servlet or any other binaries, PHP translates pages as they are requested then it generates an out put. I found that its very useful to make reports.
In PHP you just need to make your file as a text document then insert some PHP tags for your specific purposes then pass that file to PHP interpreter:

$ vi myfile.php
$ php myfile.php

Then it will show your text containing result of PHP processed data. I enjoyed using PHP, its fast and powerfull, you can find more information about PHP in its official website, documentation is very good and prepared in different formats.

PHP Website: http://www.php.net