This was then met with a lovely week climbing in Fontainebleau, France, which was much needed.

But now I am back in Manchester, staring into space attempting to revise everything I have ever learnt this year.

Although the revision is so far successful, it is no where near complete. My mind is drifting and attempting to distract me with the smallest things. I attempted to lock myself away, but alas my imagination was too strong to allow it. So for now, I am here, revising and battling my mind from distracting me. This blog post is my mind winning, procrastinating.

A few months on and I have found Python to be my perfect partner (well in programming anyway). I have found that a lot of functions I have needed to implement have been doable within no more than three lines of code, whereas in Java I know I would be writing multiple classes for. I have also found what ever may hinder your path, their is always a built in module to help you out.

Unlike most things their is always going to be some negative points. It is not the easiest programming language to make ‘pretty’ for the user. Their are plenty of modules like Tkinter, EasyGUI that can be used to help you on your way but they all have some kind of limitations.

Personally for me on the GUI side of things I opted for EasyGUI (http://easygui.sourceforge.org). EasyGUI is mainly developed to allow programs that have been developed as command line programs to have an easy to install, use GUI attached to them.

Overall this post is just for me to say I am very happy with Python. If you haven’t had a chance to have a play with it then shame on you! You will be amazed what it can do and how easily it does it.

Their is plenty of tools to open Binary Plist files and convert into different formats but these do not help when you are wanting to read in a file to analyse. The plutil utility that is available via Terminal allows the conversion of Binary Plist files into XML format and vice versa. This facility is extremely useful but is not feasible within a program.

Python has had an installed Plist reader / writer library for sometime and expanded this feature from just Mac based Python installations to all operating systems running Python 2.7 and higher. Unfortunately this library does not handle Binary Plist files which is a disappointment.

Luckily it seems someone has had the same issue as myself and needed a built in library that would handle Binary Plist files. Luckily for me this person had a better knowledge of Python programming and was able to develop a Library that fulfils this issue. The library is called Biplist, a wonderful library that expands the already available Plistlib library allowing for parsing and writing Binary Plist files.

Installation:

Installation with Biplist is hassle free, just goto the directory containing the Biplist folder and run the following command.

sudo easy_install biplist

Using Biplist:

Biplist is used the same way Plistlib is used within Python but allows the library to be extended to allow functionality with Binary Plist files.

plist = readPlist(filename.plist)

The above command is the exact same that can be used with Plistlib but will allow the Binary file to bread into a Dictionary or List to then later be printed or modified.

Download:

https://github.com/wooster/biplist

Examples:

These examples have been taken from the Biplist GitHub page.

Plist generation:

from biplist import *
from datetime import datetime
plist = {'aKey':'aValue',
         '0':1.322,
         'now':datetime.now(),
         'list':[1,2,3],
         'tuple':('a','b','c')
         }
try:
    writePlist(plist, "example.plist")
except (InvalidPlistException, NotBinaryPlistException), e:
    print "Something bad happened:", e

Plist parsing:

from biplist import *
try:
    plist = readPlist("example.plist")
    print plist
except (InvalidPlistException, NotBinaryPlistException), e:
    print "Not a plist:", e

Anyway…Andrew Case from Registry Decoder was discussing his new program he and other developers have been working on programmed in Python. I have recently started using Python at University for encryption / decryption tasks and straight away fell in love with its ruggedness and effectiveness. All this seems like a bit of waste of information but it made me wonder “should I develop my program in Python?”

The idea had already crossed my mind, but the one problem was Python’s lack of GUI. Well apparently not, turns out if you Google “GUI implementation in Python” you get a wide array of very useful websites. Who would of thought eh?

After a few button clicks and a bit of reading I came to the conclusion I would like to try EasyGUI. The main reason is actually how easy it is to implement. Once you have ran the setup.py file EasyGUI is just a call away.

For example, when wanting to display a message box:

eg.msgbox("Hello, world!")

And a lovely message box appears. Or how about a list of categories a user can select?

msg     = "What is your favorite flavor?"
title   = "Ice Cream Survey"
choices = ["Vanilla", "Chocolate", "Strawberry", "Rocky Road"]
choic   = eg.choicebox(msg, title, choices)

Now that is easy  

Unfortunately due to being orientated around ease you cannot build complex GUI's but there are Python GUI's

that implement OpenGL for those whom would like to make something a little bit more complicated.

Check EasyGUI out here: http://easygui.sourceforge.net/

George Starcher has written a very detailed article and step by step guide on how to setup Amazon EC2 as DNA workers.

I have used AccessData’s DNA (Distributed Network Attack) before but when used in a live environment I found it effected the use of the workstations it was running on. In reality it was needed to be used when the systems were idle but unfortunately these workstations are treated as work horses and never get to rest with Encase churning out information 24 hours a day.

So the idea you could harness the power of Amazons large network for password cracking seems to be too good to be true and the process is relativity simple for an IT literate user.

Plus the pricing with Amazon Web Services are affordable and the specifications are rather generous.

Definitely worth a read: https://www.georgestarcher.com/?tag=amazon-ec2

If password cracking is not your thing then a look at Amazon’s EC2 and other web services are need for any tech savvy individual attempting to take that leap into the ‘cloud’. http://aws.amazon.com/

In the last few days the program has been back out helping me to convert Binary Plist files without having to open Terminal and remmember the command lines used to convert and to create a new XML file. Due to this I have decided to post the Java Application online in case it may become useful for someone else.

So enjoy and do tell me what you think. A download can be found in the newly created Software section

The story is based on true events when a group of men appeared in the mountains of India from travelling all the way from Siberia.

The Way Back follows the group of misfits as they attempt to escape from Siberia into safer grounds. A truly enjoyable and moving film that takes on many aspects and background stories from each character.

This has to be the first film in a long time that made me go “damn that was a good film”.

IMDB: http://www.imdb.com/title/tt1023114/

Unfortunately there are no real easy answers to getting started with Enscript except learn C, C++ or another C orientated programming language or go on an a Guidence Software Enscript course….which for a University student like myself I can not afford.

Luckily a nice fellow named Lance Mueller created a set of “get to grip” with Enscript tutorials. I have done them and they have really helped me get started with my Enscript programming.

Link: http://www.lancemueller.com/blog/EnScript%20All%20tutorial%20Document.pdf

The VID and PID have easily been accessible within Windows Operating Systems for many versions allowing investigators of Windows machines to connect USB devices with times and dates. This information in the Mac OS was left to the Sidebar Plist which did not save much information except for a name and location. Although useful, the information did not produce any sound information that the device had been connected to the computer.

Within the kernal.log since Mac OS X Snow Leopard VID, PID and Serial numbers have been logged with a time and date.

The log information is split into 4 sections:

The log is also stamped with the Month, Day and Time.

So with the help of this very useful website http://www.linux-usb.org/usb.ids we can find what type of USB device was being used.

.PLIST files come in two formats, XML and Binary. With Mac OS X 10.6 most large .plist files have been converted into Binary Plist files rather than the old XML version.

So whats the difference, well not a lot, they contain the exact same information but apart from one important fact – XML is easier to read!

Segment from a Binary Plist file.

Same section from a XML  Plist.

It is easy to say that the XML version is a lot easier to read, meaning quicker to write up in your statement =)

So I bet you are thinking, but what do we do with Binary Plist files, we are stuck with them being in binary right? Well you are wrong. Every Mac has a lovely feature built in to convert Binary Plist files into XML and vice versa…..Plutil.

Plutil is quite easy to use and runs via the terminal.

Just enter the command:

plutil -convert xml1 Folder/Directory/FileName.plist

-convert (tells plutil to convert the file)

xml1 (tells plutil to convert the file into a XML1 file)

Folder/Directory/FileName.plist (the location path to the file)

-o path (allows you to set an alternative path)

-e extension (allows you to create the new file as a different extension, eg xml)

As an excuse to get programming again I am going to create a GUI version of Plutil to make it even easier to convert Plist files into XML. I actually have started the program in Java.

It is very close to being finished…my next plan is to integrate a Plist viewer which will carve out data that can be of interest. Another tool that will coincide with my Enscript….hopefully.