When it comes to booting up evidence files acquired from target disk, you got two options. One is VFC and the other is Live View. Both of them could create snapshots out of images such as EWF(E01). So forensic examiners could conduct a live forensic…

The latest Windows 10 will be more and more popular in the very near future. Now let's take a look if we could conduct a live forensic on Win10 by using LiveView 0.8 RC1. 1.The OS version of suspect's laptop is Windows 10. After acquiring we got the…

My friend is a developer and her colleague May was suspected of stealing the source code of an important project "X". The Police searched her apartment and seized her brand new laptop which OS is Win10 Pro.  Forensic guy Terry used EnCase to do…

Sequence 1: Using find Scenario: Log in as user student. Devise and execute a find command that producesthe result described in each of the following problems, then write down thecommand in the space provided. You may need to refer to the man page fo…

最近使用git 管理项目的时候,编译过程中出现了很多中间文件,今天发现使用 git clean 命令可以很方便进行清除: # 删除 untracked files git clean -f # 连 untracked 的目录也一起删掉 git clean -fd # 连 gitignore 的untrack 文件/目录也一起删掉 (慎用,一般这个是用来删掉编译出来的 .o之类的文件用的) git clean -xfd # 在用上述 git clean 前,墙裂建议加上 -n 参数来先看看会删掉哪…

gorm官方文档教程实例,构建出现错误.C:\Program Files\Go\pkg\tool\windows_amd64\link.exe: running gcc failed: exit status 1 没有import这些gorm,sqlite3包的其他代码能够正常构建.解决方案是安装tdm-gcc并调整环境变量…

Usually we will use LiveView or VFC to "boot up" the evidence files acquired from suspect's computer or laptop. What if his/her OS is Win10? Win10 has two account types. One is Local User Account, and the other is Live ID Account.  For VFC to by…

Introduction The RPM Package Manager (RPM) is an open packaging system that runs on Fedora as well as other Linux and UNIX systems. Red Hat and the Fedora Project encourage other vendors to use RPM for their own products. RPM is distributed under the…

行结束符和空白选项 在项目的生命周期中,有时可能会将行结束符由 CRLF 改为 LF,或者修改一段代码的缩进.不幸的是这样将会使大量的代码行被标记为已修改,尽管代码本身并没有被修改.这里列出的选项将会在比较差异 和应用补丁时帮助你应对这些修改.你将会在合并和追溯对话框中看到这些设置,它们同样也出现在TortoiseMerge 的设置中. 忽略行结束符 排除仅行结束符的差异. 比较空白 将所有缩进和行内空白差异视为增加/删除的行. 忽略空白修改 排除那些完全是针对空白数量或类型的修改,例如,修改缩…

php下载页面 http://cn2.php.net/downloads.php 7.0.3多地区下载页面 http://cn2.php.net/get/php-7.0.3.tar.gz/from/a/mirror 直接下载地址 http://cn2.php.net/distributions/php-7.0.3.tar.gz 下载解压目录 /usr/local/php7.0.3 下载php压缩包    wget http://cn2.php.net/distributions/php-7.0.…