Monday, April 12, 2010

IT News HeadLines (Techradar) 12/04/2010


Techradar
In Depth: Build yourself the ultimate media PC

Let's face it: most of us are missing a trick. Who here ignores traditional broadcast schedules, opting instead to catch up on TV shows via BBC iPlayer, ITV Player or 4oD?

How many of us have downloaded a digital boxset from iTunes or spent hours slumped in front of the computer monitor browsing funny videos and clips on YouTube?

The way that we watch TV has changed – so why shouldn't the way we access TV change along with it? Why watch web-delivered content on your widescreen laptop? You could be enjoying it on that lovely big TV in your sitting room.

If the thought of reclining in your chair and flicking with ease between live Freeview channels, a film on your hard drive and that program you've been meaning to catch up on with iPlayer doesn't entice you, maybe the thought of your wallet will.

When you buy a TV, you want to get a good few years' use out of it before upgrading again. But entertainment technology is advancing quickly, and that large flatscreen you purchased a couple of years ago is already looking a bit old-fashioned because it's not HD. If you want an HDTV, you'll need to buy a whole new television.

What about 3D?

And then there's 3D. You'll have to upgrade again. And let's not forget the digital switchover, which is happening at the moment. If your set is incapable of receiving digital signals, you'll have to upgrade, or at the very least buy a set-top box or two.

Either way, your wallet suffers. But if you make a PC the centre of your home entertainment system, you can embrace new standards through software simply by upgrading a single component – which is far less expensive than replacing your whole set every time a new technology comes along.

You're probably wondering where the catch is. If TV PCs are so wonderful, why doesn't everyone have one? The answer is that PCs and the living room have had an awkward relationship over the years because of one thing: noise.

But no more: new advancements in technology have produced quiet machines that still have the grunt needed to handle HD video streaming and more. If you're not sure which components your ideal machine needs – or if you're eager to build one to your own exacting standards – then you're in luck.

We've compiled a list of the best parts for the ultimate TV PC, along with the software that will bring it all to life and even the most exciting sources of entertainment on the web. Trust us: you're not going to look back.

Component: Processor
Model: Intel Atom N330
Price: Included on motherboard

Intel's Atom processors have redefined the market for low-power, cheap-as-chips computing. Populist netbooks like the Acer Aspire One, Samsung N120 and various Asus Eees owe their sparkling reviews to the Atom, while new nettop home theatre PCs featuring the processor are proving surprisingly versatile.

The dual-core Atom N330 is the current favourite with nettop builders – you can find it in devices like the Acer Aspire Revo 3600 and ASRock S330. Both cores in the N330 tick along at 1.6GHz and can be safely overclocked to provide an extra turn of speed. The N330 also features HyperThreading, which doubles the available processing threads from two to four.

But raw processor performance isn't really the issue here. On its own, the N330 will smoothly display 480p video and HQ YouTube videos – but it will monopolise the processor to do so. While the default 945GC chipset is good enough for basic computing tasks, it lacks the grunt for high-def media playback.

Only by offloading media decoding to Nvidia's GeForce 9400M GPU (as part of the Ion platform) does an Atom-based TV PC make the grade. In fact, Nvidia's hardware acceleration can almost halve the load on the CPU, and it's particularly effective for 720p and 1080p HD video playback.

Fitting tip!

Try overclocking the Atom N330 from its default 1.6GHz clockspeed. Pushing the chip to 2GHz can deliver a 25 per cent speed gain.

Component: Graphics
Model: Nvidia GeForce 9400M
Price: Included on motherboard

Nvidia's Ion platform is the key to making the most of the N330. Not only is the GeForce 9400M GPU superior to the discrete graphics found on a typical 945GC board, but Nvidia's PureVideo HD tech hijacks the 16 graphics cores to light a rocket under H.264, WMV/VC-1 and MPEG-4 video playback. The result?

An Ion-based media PC can deliver smooth, stutter-free 1080p that won't give the Atom a hernia. You'll need to use software that supports Nvidia's CUDA-based hardware decoding – PowerDVD 9 and Media Player Classic are ideal. While an Ion setup is fully capable of playing back assorted MKV, MP4, AVI and MPG files, we also need the system to support Flash video.

Traditionally, Flash hasn't supported video decoding on GPUs, so netbooks and nettops incorporating the Ion platform have struggled with HD video streaming. But Adobe's release of a Flash 10.1 beta, which supports video decoding on Nvidia's graphics chips, seems to iron out any lingering performance issues.

Fitting tip!

Before you grab the Adobe Flash 10.1 beta, be sure to download the Release 195 (or later) Nvidia driver for the GeForce 9400M.

Component: Motherboard
Model: Zotac Ion N330 Ion ITX-AB
Price: £139 (£118 ex VAT)

This mini-ITX board measures a mere 170x170mm, which should easily fit most compact cases. Because we're aiming for a silent system, the Ion ITX-AB has several advantages over other boards on the market.

For starters, there's no CPU fan – the Atom N330 and Nvidia Ion graphics processor are hidden beneath a large passive heatsink (although Zotac includes a low-profile 60mm fan in case airflow is restricted or the system runs too hot).

The supplied 90W PSU is external (like a typical laptop power brick) and fanless. With two DDR2 slots onboard, the Ion ITX-AB supports up to 4GB of memory (although 2GB will be plenty). Other TV PC friendly features include HDMI (with HDCP and 7.1-channel audio), DVI and VGA connections, three internal SATA ports, one eSATA connector, six USB ports on the back panel, dual S/PDIF outputs and Gigabit Ethernet.

Last but not least there's a mini PCIe slot, which hosts a handy 802.11n Wi-Fi module for easy wireless networking. There's no room for a TV tuner, but then an internet TV system like this doesn't need one.

Fitting tip!

The Zotac's audio ports only support six channels, so use audio over HDMI to get the full HD experience.

Component: Case
Model: Compucase Mini ITX
Price: £44 (£38 ex VAT)

There are several mini-ITX cases that will accommodate the Zotac motherboard, but the Compucase Mini ITX (8K01) – which has a compact, gloss-black chassis – is our favourite. The front panel boasts a slim optical drive bay, two USB ports, an eSATA port and headphone and microphone jacks.

It's a minimalist design with no frills. While some mini-ITX cases only have room for a 2.5in hard drive, this case houses a full 3.5in bay, giving you a much wider range of storage options. The lack of a full size optical drive bay restricts your choices a little when it comes to picking a DVD or Blu-ray drive, but this isn't really an issue.

Fitting tip!

The 3.5in HDD bay gives you the flexibility to use either a traditional hard drive or an SSD in a caddy.

Component: Hard disk
Model: WD Caviar Green
Price: £50 (£43 ex VAT)

The Caviar Green 500GB has been designed specifically to be quiet, run coolly and consume the minimum amount of power possible – so it's the perfect disk for our TV PC.

If you fancy filling it with movie rips and HD boxsets, you can go large with a 2TB version for only £140.

Fitting tip!

Always connect your primary hard disk to SATA channel 0 to ensure the best performance.

Component: Memory
Model: Crucial 2GB 800MHz DDR2 PC2-6400
Price: £36 (£31 ex VAT)

The more memory you have, the bigger the cache – so programs will load faster and multitasking won't slow things to a crawl. But do you need 4GB for surfing the web and streaming video?

Unless you're going to do some heavy-duty video transcoding, we say no. You can always double the amount at a later date if you notice any sluggishness.

Component: Networking
Model: Solwise 200Mb HomePlug AV adaptor
Price: £41 (£35 ex VAT)

Powerline technology is ideal for streaming content from another PC or NAS. These adaptors replace Ethernet cables by sending data through your home's electrical wiring.

The Solwise Homeplug AV kit can deliver speeds close to 100Mbps, and you'll need at least two. These units also feature a mains pass-through, so you don't have to sacrifice a plug socket to use them.

Component: Optical drive
Model: Sony Optiarc BC-5500S
Price: £164 (£140 ex VAT)

The BC-5500S is a great all-rounder. Capable of playing Blu-ray discs, the BC-5500S reads 25GB BD-R and BD-RE media plus 50GB dual-layer discs at 2x speed.

It also supports 8x read/write speeds for DVD-R, DVD+R and DVD+RW and 24x read/write speeds for CD-Rs.

Windows 7 Media Center is one of the most polished 10-foot interfaces around, but in general the software has been slow to evolve. Ignoring the addition of native H.264 support in Windows 7, other improvements to the system have been mostly cosmetic: turbo scroll, faded menu overlays, a new album art display and a handy desktop gadget.

Media Center could easily feel old-fashioned and behind the times, then, if it weren't for the army of bedroom coders constantly beavering away to produce plugins that enhance the core features. Thanks to them, Media Center even has its own unofficial app store.

Another reason that many people still don't take advantage of Media Center – despite the fact that it's pre-installed on most XP, Vista and Windows 7 PCs – is that the software is at its best when you have a TV tuner and you're using it as a fully fledged DVR.

The app is hardly anyone's first choice for general video playback (that's usually Windows Media Player) or streaming video (most people prefer direct web browser access), so it gets forgotten about.

Media Center has always done a great job of cataloguing the photos, music and video on your hard drive, and this could be handy for TV PC users – but its internet TV integration has been lightweight at best.

Where Vista's version had a poorly populated Online Media section, Windows 7's Media Center just adds an Internet TV option supporting WMV, Silverlight and Flash video. US users have access to a range of internet TV streams from the likes of CBS, Zune, MSNBC and MSN; but UK users aren't so well served on this front.

It's not all bad news, though: you can watch iPlayer and even iTunes content in Media Center. Sky Player is also available as a plug-in, offering access to various Sky channels for subscribers, including Sky Movies and Sky Sports.

The suitability question

To do away with the hassle of having to navigate around your PC desktop before watching TV, you can get your system to boot directly into Media Center on startup.

In Windows 7, select 'Startup and Windows Behaviour' on Media Center's Settings menu. Simply check the box next to the 'Start Windows Media Center when Windows starts' option. Easy. Of course, you could argue that Media Center is a little bloated for a system like this one – and the cost of a Windows 7 licence will add an extra £150. That's a lot to pay, especially when you won't even be using the bulk of the OS on a day-to-day basis.

It's worth considering lighter-weight alternatives such as Boxee or XBMC; these might be better suited to an Ion-based system.

Alternatives to Media Center

Microsoft's Media Center faces stiff competition these days thanks to freebie software like MythTV, Mediaportal, Boxee and XBMC.

MythTV has been knocking around since 2002, and the software provides some good DVR support if you're building a PC for heavy-duty TV recording. Numerous add-on modules can add photo browsing, RSS feeds, Netflix integration and Slingbox-style placeshifting.

Mediaportal is unashamedly Media Center-esque, but it has a limited appeal for TV PCs since it only runs on Windows.

XBMC is otherwise known as Xbox Media Center. What started out as a clever hack for Microsoft's games console has now evolved into an "open-source (GPL) software media player and entertainment hub for digital media". There are versions for Linux, OS X and Windows.

Using www.xbmc.org's own guide, you can easily specify a minimal Ubuntu install before you add the software. XBMC can handle a huge array of video files, and playback can be accelerated using the Ion hardware.

Usefully, XBMC can either launch a compatible player or function with a VDPAU (Video Decode and Presentation API for Unix) modification to the software. It's all there in the XBMC wiki.

Out of the Boxee

Another Media Center alternative is Boxee. This freeware media centre solution was born out of the XBMC code base, and it brings a social-networking edge to things.

Boxee does everything you expect – it catalogues photos, music and video on your PC's hard disk and makes them accessible via a sofa-friendly UI. If you've titled DVD rips correctly, Boxee will pull in the background blurb from IMDB.

Boxee apps take things a step further, plugging you directly into third-party video-streaming services including Netflix, YouTube, BBC iPlayer, Last.fm, Flickr, Digg and CNN. Log into your account on the www.boxee.tv website and you can seek out people you know that are also using the software. Adding a friend to your list will show you what they've been watching or what they recommend.

Boxee is an ideal choice for an Ion-based TV PC, especially as the integrated media player supports hardware-assisted video decoding.

Need a cutting-edge remote control to go with it? Type Boxee into the iTunes Store and you'll find a Boxee Remote app that lets you control your Boxee-powered TV PC with an iPhone or iPod Touch. And if you don't want a PC at all? At this year's CES, D-Link announced the first Boxee Box, a dedicated hardware solution that runs the software silently.

Let's get one thing out of the way right now: watching TV from the UK on your PC is a lot easier than watching shows from America. Understandably, however, many of us want to do just that.

Google is festooned with links to oh-so-legitimate services and software that purport to let you watch thousands of channels from around the globe. We say be sceptical: licensing restrictions dictate that you're more likely to get access to a couple of obscure French news channels rather than Lost, Heroes and the like.

Of course, there are ways around the problem. Some people have had success with IP cloaking software such as Hotspot Shield and UltraSurf. But Hulu has got wise to users with anonymous IP addresses and has recently upped its security to keep such users out. The law isn't clear on these systems either, so we say that it's probably wise to steer clear.

It's not all tedious telly in the UK, either. There are plenty of services that let Britain-based TV watchers access exciting content freely and legally. We take a look at a few here.

1. TVCatchup

The TVCatchup site gives you live streaming access to all of the main Freeview channels in the UK. That's over 50 channels, including digital-only channels such as Dave, Virgin 1 and Film Four. There's also an option to watch the live TV streams on your iPhone.

2. Sky Player

Sky's web offering is less a catch-up TV site and more a video on-demand service that gives Sky subscribers a wider viewing choice than their Sky+ boxes and broadcast schedules can deliver. Over 30 live channels and hundreds of on-demand movies are available.

3. Joost

With all of the big TV companies jealously guarding their content, websites like Joost exist to dig up the best of the rest. Featuring a wide range of TV shows and movies, Joost also features a social networking element in an attempt to sort the wheat from the chaff.

4. Ustream

Ustream prides itself on enabling "anyone with a camera and an internet connection to easily broadcast to a global audience". It features an eclectic mix of content where offbeat indie web shows rub shoulders with live international sports matches and syndicated news feeds.

5. Vimeo

Founded by filmmakers and video creators, Vimeo is pitched more as a creative community than a YouTube rival. It promises no "gameplay videos, 'fan vids', sexually explicit videos, music videos, movies, TV or trailers". It's up to you to decide whether that's a good or bad thing.

6. Seesaw

Currently in beta, Seesaw has risen from the ashes of Kangaroo, a proposed platform hoping to offer content from the BBC, ITV and 4oD. The OFT blocked the project, Kangaroo's infrastructure was sold and Seesaw was born. The service should be active by the time you read this.

7. Hulu

So we said earlier that Hulu is typically blocked for UK users. That's still true. But there are plans to launch a UK version of the service this year, featuring content that doesn't infringe any copyright laws. Until then, BitTorrent will undoubtedly remain the chief source of US TV for UK users.

8. Archive.org

It might seem odd to recommend www.archive.org, but stick with us. Head off to its Moving Images section and you'll find a huge and eclectic selection of movies. There are full-length feature films, vintage TV shows and great American public safety films that have to be seen to be believed.





Opinion: The trouble with Linux: it's just not sexy

There are three reasons why Linux isn't succeeding on the desktop, and none of them are to do with missing functionality, using the command line or the politics of free software.

The first is that there's too much momentum behind Microsoft Windows and too many preconceptions about the alternatives. Linux is perceived as having too much of a learning curve for relatively few advantages and an unknown heritage.

Migrating big business to a Linux desktop is akin to turning a T1-class supertanker around mid-Atlantic. The opposite direction may look brighter, but it's easier to chug onwards into the storm. You only have to look at the number of people clinging to Microsoft's venerable Office suite to see this point clearly.

For the vast majority, most of its functional fecundity is wasted. Many people could arguably be just as (un)productive with Notepad, Calculator and Paint, let alone using an open-source alternative such as OpenOffice.org. Its use seems to have more to do with keeping face when attaching files to an email than a genuine operational advantage.

Most people will only consider an alternative when there are bigger issues, larger icebergs or uncertain territories on the horizon. Away from the desktop, Linux is faring better.

Smaller, more agile businesses quickly quantify the cost advantages to produce cheaper and more competitive products. This is why embedded Linux has been such a success on everything from Chinese mobile phones to almost every NAS box around. This may mean that success on the desktop is only a matter of time, or it may mean that the Linux desktop is too far removed from the Linux kernel.

The second reason for failure is that Linux lacks centralised marketing. This is because there's no real Linux Central. It's just a trademark owned by its creator, Linus, and a term normally reserved for just the kernel of the operating system – hardly the easiest product to sell.

There are plenty of people advertising their own Linux endeavours, all keen to push their own angle on its advantages. This divided effort compounds the problem. With the likes of Red Hat, Novell and Canonical all fighting for their own slice of the pie, there's no one left to push Linux as a distinctive brand. That's something Apple and Microsoft do extremely well, and something Linux leaves to Tux the penguin.

Many would argue that standards are the answer to this conundrum, and that would mean a single base distribution. This could then be the only distribution called 'Linux' - everything else would become 'Linux based'.

Mozilla manages this well with the use of the Firefox brand. It's freely distributable and modifiable, but it can only be called 'Firefox' in its untouched incarnation. Change anything and you need to change the name.

For example, Debian calls its Firefox build 'IceMonkey' because it needs to reserve the right to make modifications, thus breaking Mozilla's standards. This may cause confusion if you look for Firefox on your Debian desktop, but it also sets a precedent for the kind of experience that Mozilla expects its users to have, and Debian hackers still have the code to mess around with if they need to. It's a compromise, but it might work in a world with hundreds of Linux distros.

The third reason is easy to see but harder to solve. It's the reason why you're not using Linux now. The solution would make all other problems redundant. The reason why you're not using Linux now is because there isn't a good enough reason to.

Sober advantages such as better security, improved performance, rock solid stability and low cost aren't going to win converts. These advantages aren't exciting enough; they're the equivalent of a spreadsheet of mortgage repayments. What we really want is a significant upgrade, something you'd normally pay for.

Perhaps we should focus on value. Recent analysis of the kernel by Jon Corbet showed that 75 per cent of the 2.8 million lines of code in recent contributions were written by paid-for developers. That puts Linux freedom in context.

But the biggest challenge is sexiness. There's very little of it in Linux unless you're an antisocial geek, and products like Apple's iPad illustrate this massive divide painfully. As Jim Zemlin, Executive Director of the Linux Foundation, puts it, "Linux can compete with the iPad on price, but where's the magic?"

Linux has the programmers, the managers, the community, the innovation, the time and the skill. But to succeed in 2010 and the coming decade, what it really needs is a magician or two.





In Depth: How to create your own free computer forensics kit on a USB drive

The super-sleuth detectives in TV show CSI have some very nifty tools to help solve crimes. But the need to keep things interesting and wrap the show up in an hour means the technology used in each episode bears little resemblance to the work of real forensic experts. Or does it?

When it comes to computer forensics, today's tools are becoming more advanced, leaving fewer places to hide information. This tension between fact and fiction took on a whole new dimension when Microsoft's police-only forensic toolkit was leaked on the internet. Reports say that it has more in common with CSI than The Bill.

We're going to show you how to mimic Microsoft's offering using open-source software to unlock Windows accounts, investigate suspicious activity, see any file on a Windows disk and even peruse files that others believe have been permanently deleted.

Forensic toolkit

During November 2009, it was announced that someone had leaked Microsoft's secret crime-fighting software online.

Described as a collection of programs linked by a sophisticated script, hackers and other cybercriminals had been dying to get their hands on it for some time. Now it's reportedly available to anyone brave enough to download and install it.

The Computer Online Forensic Evidence Extractor (or COFEE for short) has been available to police forces since at least summer 2007, and is designed to gather forensic evidence at crime scenes and during raids from the still-running PCs of suspects and victims.

COFEE reportedly takes the average police officer about 10 minutes to master, and comes supplied on a bootable USB pen drive. It enables trained officers to gather evidence from a running system without the need to call in cybercrime specialists, thereby speeding up investigations.

The USB drive itself is said to contain a package of about 150 forensic programs that enable an investigator to record sensitive information like internet history files and complete practical tasks like deleting Windows passwords. It also enables them to upload the recorded data for further analysis.

By April 2008, it was reportedly in use by over 2,000 law enforcement officers throughout 15 countries. At the time of the leak, Microsoft claimed that COFEE was nothing more than a collection of commercially available programs brought together in a single handy package, which it makes available free of charge (if hitherto secretly) to help combat computer crime.

If that's true, then is it also possible to create your own version of COFEE using free, open source software that will grant you complete access to a Windows computer?

The answer is a resounding yes, but we must stress that using what you're about to learn for malicious purposes on a computer you don't own isn't big and it's certainly not clever. Don't use the following information to try to hack other people's computers or networks. Without the in-depth knowledge required to cover your tracks, you'll be caught and will probably face prosecution.

If you hack computer systems in the US and get caught, you should be prepared to undergo a one-sided extradition process and go through a judicial system that will put you on a par with hardened terrorists before forcing you to serve a long prison sentence.

There are plenty of commercial computer forensics systems around these days, but many of them cost serious money or are only available to the police. However, the open source community has a solution in the form of a special Linux distribution called Backtrack 4.

Introducing Backtrack 4

Backtrack 4 is based on a stripped-down version of Ubuntu Linux, which is a popular choice for home users because of its ease of installation and use. The makers of Backtrack 4 have stacked the application with special security and forensics tools. These make it extremely useful to network security specialists and police forces, as well as anyone interested in knowing exactly what's happening on their own networks and any second-hand machines they've bought.

Despite being Linux-based, Backtrack will grant you complete access to data stored on computers running any version of Microsoft Windows. That's because Windows isn't running when Backtrack is booted from a DVD or USB pen drive.

Linux can read Windows disks, but it doesn't obey the file permissions, so the machine's hard disk simply seems to contain a lot of files waiting to be accessed. As well as booting and running directly from a DVD as a Live CD installation that never installs on your computer, you can also install Backtrack on a hard disk as the only operating system, or next to an existing Windows installation.

If you plan to install Backtrack on a USB pen, you'll need one with a minimum 2GB capacity. This booting option brings Backtrack closer to Microsoft's COFEE than any other option.

First, you need to download the Backtrack 4 ISO file, which is just under 1.6GB. You can download it from the Backtrack site directly or click the 'Torrent' link on the same page. There are multiple sources from which you can leech parts of the file in parallel, so in practice it's faster to download the ISO as a torrent.

Once the ISO has downloaded, use it to make a bootable DVD. We've listed a free and easy to use CD/DVD package capable of making bootable disks in the Resources section. When that's done, test your work by ensuring your BIOS is set to boot from CD/DVD before attempting to boot from your hard disk, then insert the DVD and reboot the PC. Select the option to boot with a screen resolution of 1,024 x 768.

When Backtrack has booted, you'll see a command line. To start a desktop environment, enter the command startx and press [Enter]. After a few seconds, the standard KDE desktop will start.

Find your way around

Backtrack is loaded with all the obscure little utilities used by professional security consultants. Many of them are fiddly command-line programs, but a lot have graphical front ends that make them simple to use.

Hover your mouse over the icons on the menu bar at the bottom of the desktop and KDE will tell you the name of each one. We'll use the names that appear when you do this to make things easy to identify here.

Because Backtrack is designed for network security work, the network interface cards are disabled by default when you boot it up. This is because if anyone (or anything) is listening to network traffic, the last thing you want to do is announce your presence by requesting an IP address over DHCP.

To enable networking, click the black Konsole icon to open a terminal window, then enter the following command:

/etc/init.d/networking start

After a moment or two, during which lots of verbiage scrolls up the screen, open Firefox (the icon is next to the terminal on the menu bar) and enter www.google.com as a URL. You should see the world's favourite search engine appear.

Much like the Start button in Windows, the left-hand icon on the menu bar brings up the installed programs and system configuration options. This is called the K menu and is organised into subject areas. The one we're most interested in is the first: 'Backtrack'.

Click on this and you'll see a submenu containing categories of hacking programs, with which Backtrack has been preloaded. Clicking one of these reveals nested subcategories right down to individual programs.

Map the neighbourhood

Let's begin by scanning the local network for hosts (another name for networked computers). Starting from the K menu, select 'Backtrack | Network Mapping | Identify Live Hosts | Autoscan'. A wizard will appear. Click 'Forward' and you'll be asked for the name of a network to scan.

Leave this as 'Local network' and click 'Forward' again. The next screen asks where the network is located. We're scanning the local network, so accept the default of it being connected to your computer by clicking 'Forward' once more.

Next, select the default network adaptor. This will usually be called 'eth0'. If you don't see any adaptors in the pull down menu, it's because you didn't start networking earlier. Close Autoscan, start networking and run Autoscan again. Click 'Forward' one last time to confirm what you've asked Autoscan to do, then maximise the user interface that appears so you can see everything.

Autoscan now contacts every possible IP address on the local subnet to see if there's a machine connected to it. If there is, it adds an entry to the left-hand pane. Notice that in some cases, Autoscan can even tell you the username that's logged in.

When you select a host, Autoscan will attempt to gain more information about it for you. A wizard will also appear, asking you to add it to the Autoscan online database. Cancel this. You can switch between the tabs in the interface's right-hand panes to display a summary of the machine, detailed information or an inventory.

Autoscan works by sending a stream of specially crafted packets to each host in turn. These are designed to return information about the running system and can give away a surprising amount of information. Autoscan is a useful tool for detecting whether your neighbours are leeching your Wi-Fi, for example. If you don't recognise a host, it's probably an intruder – so up your security!
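The check suggested above, matching the hosts a scan finds against the machines you know you own, can be scripted. This is an added example, not part of the original article: it reads neighbour-table lines in the format printed by 'ip neigh show' and lists every address whose MAC is missing from an inventory. The inventory, IP addresses and MAC addresses are constructed sample data.

```shell
#!/bin/sh
# Added example: flag hosts on the local subnet that are not in an inventory.
# Input format is that of `ip neigh show`; every address below is constructed.

# Known devices, one MAC per line (constructed sample inventory).
KNOWN_MACS='00:1a:2b:3c:4d:01
00:1a:2b:3c:4d:02
00:1A:2B:3C:4D:03'

# Constructed sample of `ip neigh show` output.
SAMPLE_NEIGH='192.168.1.1 dev eth0 lladdr 00:1a:2b:3c:4d:01 REACHABLE
192.168.1.10 dev eth0 lladdr 00:1A:2B:3C:4D:02 STALE
192.168.1.23 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.40 dev eth0  FAILED
192.168.1.12 dev eth0 lladdr 00:1a:2b:3c:4d:03 DELAY
192.168.1.23 dev wlan0 lladdr 66:77:88:99:aa:bb STALE'

# find_unknown_hosts KNOWN NEIGH
# Prints "IP MAC" once for each neighbour whose MAC is not listed in KNOWN.
find_unknown_hosts() {
    # Flatten the inventory to one line so it can be passed to awk safely.
    known=$(printf '%s\n' "$1" | tr '\n' ' ')
    printf '%s\n' "$2" | awk -v known="$known" '
        BEGIN {
            n = split(known, k, " ")
            for (i = 1; i <= n; i++) ok[tolower(k[i])] = 1   # case-insensitive
        }
        {
            mac = ""
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "") next          # FAILED/INCOMPLETE entry: nobody answered
            key = $1 " " mac
            if (!(mac in ok) && !(key in seen)) {
                seen[key] = 1            # same host seen on a second interface
                print $1, mac
            }
        }'
}

# Run against the sample data. For live data (known_macs.txt is a
# hypothetical file you maintain yourself):
#   find_unknown_hosts "$(cat known_macs.txt)" "$(ip neigh show)"
find_unknown_hosts "$KNOWN_MACS" "$SAMPLE_NEIGH"
```

A MAC address can be changed by its owner, so treat a match as a hint rather than proof that a device is yours.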

Wipe passwords

Logging into a Windows system is easy using Backtrack, even if you don't know any of the usernames or passwords that have been set up. That's because you can use a utility bundled with Backtrack to remove the password on any Windows account, including administrator accounts.

This is possible because of a file called the SAM (Security Access Manager), which is normally locked by the Windows kernel so that no one else can read it. While Windows isn't running, however, the file can be read and modified.

First, we need to find out where the system's hard disk resides in Linux. To do this, click the Konqueror icon on the desktop menu bar. This will open the Konqueror desktop browser. Click the 'Storage media' link. If you don't see anything right away, press [F5] to refresh the view.

Among the media that Backtrack knows about on your system, you'll see your hard disk. Click this and you'll see the folders in C:\, which is useful if you need to copy, add or modify files without logging into Windows directly.

Now select the Home icon on the Konqueror toolbar (the one that's shaped like a house) and click the blue 'up' arrow next to it. Click the Media folder, and then the 'Hard disk' icon again. The location bar will change to give the name we must use to access the disk. It'll be something like '/media/disk'.

Chntpw

Now, from the Start menu, select 'Backtrack | Privilege Escalation | Password Attacks | Chntpw'. 'Chntpw' stands for 'Change NT Passwords' and it works on all versions of Windows. When you run the command, a terminal window opens. You can ignore the verbiage on the screen and enter the following command:

chntpw -i /media/disk/Windows/System32/config/SAM

The capitalisations are very important here – 'chntpw' is all lowercase. If your Windows partition is called something other than 'disk', put its name in place of this in the command.

Press [Enter] and a text-based menu will appear. Select 'Option one' and press [Enter] again. This gives you a list of the Windows user accounts. Type the name of the account you want to change (taking care to use the correct case for each letter) and then press [Enter].

Chntpw displays lots of details about the account and gives you a number of options. Select 'Option one' and the password will be removed from the account. To exit, type ! and press [Enter], then press [Q] and hit [Enter] again. Chntpw will ask if you want to write the hive files. You do, so press [Y] followed by [Enter].

If you now reboot into Windows, you'll be able to log into the account you've changed without being prompted to enter a password.

Recovering deleted files

Many people believe that when they delete a file and then empty the Recycle Bin, it's gone for good – but this isn't the case. Windows, like all modern domestic OSes, simply marks the sectors on the disk occupied by the deleted file as available for future reuse. It would be inefficient to overwrite the data those sectors contain until new data is ready to be stored.

In the meantime, the old file is still there, available to be read by anyone with access to a file recovery utility. Backtrack contains several such applications. Among the easier to use is PhotoRec, which is capable of scanning a hard disk and recovering a comprehensive list of all files marked as deleted.

In fact, it can recover far more than just files deleted by users, including temporary files left over from when the operating system was installed. This means it's a good idea to have a spare USB pen drive handy to store the recovered files for later perusal, because they can easily run into the thousands.

To get going, insert the drive and run Konqueror. Click 'Storage media' and then select your USB pen drive to ensure that Backtrack is aware of it. You can leave Konqueror open and check the scan's progress later.

Now run PhotoRec by navigating to 'Backtrack | Digital Forensics | Forensic Analysis' and then selecting 'PhotoRec'. The program itself runs on the command line, but it's menu driven, making it easier to use.

PhotoRec

When PhotoRec runs, it first presents you with a list of the hard disk partitions on the computer. In the case of a Windows-only machine, there'll probably be only one large one. However, in some Windows 7 installations, there may be a second, small partition that the system uses to store recovery data.

Use the up and down arrow keys to select the main partition, then press [Enter] to continue. PhotoRec can understand a large number of partition table types and will automatically identify the one used on your disk, so accept the default on the next screen by pressing [Enter] again.

The next screen enables you to specify the file types to recover. Use the left and right arrow keys to highlight 'File Opt' at the bottom of the screen. Next, press [Enter]. The resultant display will give you a long list of all the recognised types.

If you only want to recover one file type (JPG, for example), press [S] to deselect everything, then scroll down to the relevant type and press [Space]. You can use the [Page up] and [Page down] keys to navigate through the list more quickly.

Once you're happy with your file type selections, press [Enter] and select the filesystem you want to scan. Use the left and right arrow keys to select the 'Search' option, then press [Enter]. This presents you with a choice of file system types.

For a Windows filesystem, make sure you select 'Other', then press [Enter]. On the next screen, select 'Free' to ensure that the program only scans disk sectors that are marked as free space. Press [Enter] again to continue. You'll now be asked where to store the recovered files.

The default is the directory '/usr/local/bin', which is on the boot media. Press the left arrow key three times to get back to the root directory, then press the down arrow key repeatedly to navigate to the media directory. When you reach it, press [Enter] to see the media connected to the system.

One of the devices you find should be the USB pen drive you inserted and navigated to in Konqueror just a moment ago. Select this and press [Enter] again. Finally, press [Y] to begin recovering deleted files. The extraction process can take quite a while, depending on how much free space there is to scan on the disk and the number of file types you've specified.

As the scan progresses, the number of files of each type will increase. PhotoRec creates a long list of subfolders in which it stores all the files it's recovered. By perusing these, you may be able to locate some interesting or even incriminating pictures and other documents.
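Why deleted files remain readable, and what actually removes them, can be shown on a small scale. The following is an added example, not code from the article or from PhotoRec: it builds a constructed eight-sector disk image whose free sectors still hold a deleted file's bytes, recovers the file by scanning free sectors for the JPEG signature, then shows that overwriting free space leaves nothing to recover. It assumes files start on sector boundaries and are not fragmented; the file contents are placeholder bytes, not a real picture.

```python
SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker

def make_image():
    """Build a constructed 8-sector disk image holding one 'deleted' file."""
    fake_jpeg = JPEG_SOI + b"\xe0" + b"constructed-pixel-data" * 30 + JPEG_EOI
    disk = bytearray(SECTOR * 8)
    start = 2 * SECTOR  # the file's data still sits in sectors 2 and 3
    disk[start:start + len(fake_jpeg)] = fake_jpeg
    return disk, fake_jpeg

def carve_jpegs(disk, free_sectors):
    """Scan sectors marked free for a JPEG header; return recovered byte strings."""
    found = []
    for sector in sorted(free_sectors):
        start = sector * SECTOR
        if bytes(disk[start:start + 3]) != JPEG_SOI:
            continue  # assumption: a file begins at the start of a sector
        end = disk.find(JPEG_EOI, start + 3)
        if end != -1:
            found.append(bytes(disk[start:end + 2]))
    return found

def wipe_free_space(disk, free_sectors):
    """Overwrite every free sector with zeros, which deleting a file never does."""
    for sector in free_sectors:
        disk[sector * SECTOR:(sector + 1) * SECTOR] = bytes(SECTOR)

if __name__ == "__main__":
    disk, original = make_image()
    free = {2, 3, 4, 5, 6, 7}  # the filesystem has marked these as reusable
    recovered = carve_jpegs(disk, free)
    print("before wipe:", len(recovered), "file(s), intact:", recovered == [original])
    wipe_free_space(disk, free)
    print("after wipe: ", len(carve_jpegs(disk, free)), "file(s)")
```

Real recovery tools also have to cope with fragmented files and many more formats, but the defensive point is the same: data you need gone has to be overwritten, not just deleted.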



