In my previously article "EnCase missed some USB activities in the evidence files", I mentioned about that EnCase could  only "see" few USB records. Actually not only EnCase may not see all USB records, some other forensic tools got th…

My friend is a developer and her colleague May was suspected of stealing the source code of an important project "X". The Police searched her apartment and seized her brand new laptop which OS is Win10 Pro.  Forensic guy Terry used EnCase to do…

Basic Concepts of Block Media Recovery Whenever block corruption has been automatically detected, you can perform block media recovery manually with the RECOVER ... BLOCK command. By default, RMAN first searches for good blocks in the real-time query…

| Data Evaluation | - Use Shift + Enter or Shift + Return to run the upper box so as to make it display the edited text format. - Markdown used for text writing, while the other is Code cell used for code writing. import csv import numpy as np import…

| Data Wrangling | # Sort all the data into one file files = ['BeijingPM20100101_20151231.csv','ChengduPM20100101_20151231.csv','GuangzhouPM20100101_20151231.csv','ShanghaiPM20100101_20151231.csv','ShenyangPM20100101_20151231.csv'] out_columns = ['No…

转自09年的blog,因为facebook在国内无法访问,故此摘录. The Photos application is one of Facebook’s most popular features. Up to date, users have uploaded over 15 billion photos which makes Facebook the biggest photo sharing website. For each uploaded photo, Facebook gen…

(Source/原文链接 https://blog.elcomsoft.com/2018/06/ios-11-4-1-beta-usb-restricted-mode-has-arrived/) 作者: Oleg Afonin   As we wrote back in May, Apple is toying with the idea of restricting USB access to iOS devices that have not been unlocked for a cert…

转自:http://blog.chinaunix.net/uid-20543183-id-1930831.html   ------------------------------------------ 本文系本站原创,欢迎转载! 转载请注明出处:http://ericxiao.cublog.cn/ ------------------------------------------ 一:前言 Usb是一个很复杂的系统.在usb2.0规范中,将其定义成了一个分层模型.linux中的代码也是按照…

现在已经使用GET_DESCRIPTOR请求取到了包含一个配置里所有相关描述符内容的一堆数据,这些数据是raw的,即原始的,所有数据不管是配置描述符.接口描述符还是端点描述符都挤在一起,所以得想办法将它们给分开.,于是usb_parse_configuration()就做这些事. static int usb_parse_configuration(struct device *ddev, int cfgidx, struct usb_host_config *config, unsigned…

拜会完了山头的几位大哥,还记得我们从哪里来要到哪里去吗?时刻不能忘记自身的使命啊.我们是从usb_submit_urb()最后的那个遗留问题usb_hcd_submit_urb()函数一路走来,现在就要去分析usb_hcd_submit_urb()里面的内容. /* may be called in any context with a valid urb->dev usecount * caller surrenders "ownership" of urb * expects…