What’s new in Nuix 7.2?

Nuix 7.2. Powering today. Shaping tomorrow.

The latest release of Nuix 7.2 eDiscovery Workstation is packed full of exciting new features. Below I will offer some brief details on the more interesting ones, which will help you conduct a more comprehensive investigation or discovery workflow.

For a full list of changes, please refer to the Nuix 7.2 changelog documentation available here.

Cloud Storage

Cloud storage provider support has been improved by offering support for accounts from Google Drive, Microsoft OneDrive, Apple iCloud and Box.com. In the Add/Edit evidence dialogue you will see these options under ‘Add Network Location’. While Nuix already has support for Dropbox accounts, we now also offer support for extracting deleted files from Dropbox!

Adding a cloud storage provider in Nuix

Microsoft EDB files

We have added support for extracting data from the Extensible Storage Engine (ESE) Database File (EDB) format. The ESE database format has been used by several different functions within the Windows operating system for a while now, such as Content Indexing / Windows Desktop Search and Active Directory, but in recent times it has become the standard database for storing Internet Explorer browser artefacts. It also stores information from Cortana, the Windows 10 virtual assistant.

Password bank

This is a cool new feature that allows for ingestion-time decryption of certain file types. It can be accessed when adding / processing new evidence by selecting “Decryption keys” in the evidence processing settings dialogue. If you wish to use this feature you will need to select an existing word list in your case, as the password bank feature is otherwise off by default. After successfully decrypting a file, the new unencrypted version appears as a child item of the original encrypted item. We provide both files to support multiple workflows.

Nuix password bank

Create new child items from selected binary regions

This is one that the forensic folks will be happy to hear about. You can now select a specific region of binary in the binary viewer and create a new child item from that region. A typical scenario where this could be used is to create new child items from text-stripped regions of unallocated space.

"Create new child item" from binary region

Offline maps

In previous versions of Nuix you could not use the Maps view without an internet connection; however, many investigators work in air-gapped offline environments, so they were unable to make use of a very powerful feature of Nuix. With 7.2 you now have the option to switch your maps view to “OpenStreetMaps” in the top left corner of the maps view.

Nuix maps view

For now the built-in web browser is not capable of rendering the OpenStreetMaps data directly, so there is a requirement to run a “tile server”, which is just a Node.js app that serves these rendered files to the built-in browser. The IP address / URL of this server will need to be specified under “Global Options > Results”. While I have not personally tested this, I have heard that the performance of this view is much better than Bing Maps, as it uses a GPU-accelerated HTML canvas to render vector data whereas Bing Maps fetches heavy pre-rendered JPEG tiles from a server.

Pivoting

You can take any item and pivot around it by either time or location, showing you all items or events that happened within a given time window, or within a specified distance (geo-location). Select any item(s) in the results pane, right-click and navigate down to “Pivot”, which has sub-menus for time and location. This pivot feature has been implemented in both Workbench and Context.

Nuix pivot in Workbench
Nuix pivot in Context

Imaging and production profiles

Production sets now make heavy use of Imaging and Production profiles to control exports and make them repeatable; these profiles are specified under the “Imaging and Production” tab when creating a production set. You now have fine-grained control over how to image each type of document. One example where this might be useful is creating custom slipsheet templates for a specific imaging profile, based on defined rules.

Imaging and Production tab

Closing thoughts

I think Eddie Sheehy summed up the new release of Nuix 7.2 aptly, and I strongly agree with his sentiment:

“In response to requests from our customers in advisory firms, litigation service providers, law enforcement agencies, and businesses around the world, we’ve added features to help them conduct comprehensive eDiscovery and investigation workflows within a single application.”

Although some of my descriptions are brief, I intend to elaborate on these in future posts. If anyone wants to add discussion to what I mentioned above, feel free!

What is SMI-S? What is the EMC SMI-S Provider? What is ECOM?

What is SMI-S? What is the EMC SMI-S Provider?

The first step in understanding the functionality of ECOM and the EMC SMI-S Provider is to answer the question: what is SMI-S? Essentially it is an attempt to standardise storage management and its related technologies in order to increase interoperability. This standardisation was created by the Storage Networking Industry Association (SNIA), whose mission statement envisions “leading the storage industry in developing and promoting vendor-neutral architectures and standards”. The effort is led by the SNIA’s Storage Management Initiative (SMI), and the Storage Management Initiative Specification (SMI-S) is the standard the SNIA has developed under it.

How many more acronyms are there?

A few more, but I’ll keep it short. These are more for reference than anything else.

  • The SMI Architecture is based on Web-Based Enterprise Management (WBEM) from the Distributed Management Task Force (DMTF).
  • The architecture is a client-server model that uses CIM-XML as the protocol. The client interface is the combination of the operations defined in CIM-XML and the model defined in SMI-S. The model is defined using the Common Information Model (CIM) and based on the CIM Schema. The EMC implementation of CIM is named ECIM.
  • The CIM is an object oriented model based on the Unified Modeling Language (UML). Managed elements are represented as CIM Classes that include properties and methods to represent management data and functions.

What is ECOM?

The EMC Common Object Manager (ECOM) enables communications and common services for applications. ECOM supports the ECIM which is used to represent the wide variety of components found in data centers using the CIM schema. The CIM schema provides a common methodology for representing systems, networks, applications, and services as a set of object-oriented models that can be bound to real-world functionality. Management applications based on CIM can interact with resources such as data storage hardware from multiple vendors, without direct knowledge of the underlying systems.

CIM classes identify types of resources. A class can represent a broad category of resources or can be subclassed to represent a specific type. For example, the class CIM_NetworkPort represents a broad category of heterogeneous network communications hardware, while EMC_NetworkPort is a subclass that represents an EMC specific subset. While classes define types of things found in a managed IT environment, instances represent individual implementations of a class. A specific port at a specific network address is an example of an instance of class EMC_NetworkPort.

The ability to exchange information, retrieve data, execute commands, and discover available resources are also required to link the elements in a network. Before resources can be managed, they must first be discovered by management applications. The Service Location Protocol (SLP) defines a mechanism for locating services in a network. Applications looking for a service are called user agents (UA), and applications providing a service are called service agents (SA). In terms of SLP, ECOM acts as a service agent that advertises its address and capabilities. When a UA has found the ECOM-exposed services that it needs, it begins communicating directly with each ECOM instance via CIM-XML messages.
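As an added illustration (not from the page, and not EMC's or ECOM's own code), the client side of the CIM-XML exchange described above in Python: the HTTP headers and XML body of an EnumerateInstances call for the EMC_NetworkPort subclass, plus a parser for the instances or the error the server returns. The namespace root/emc, the port names and the addresses in the sample responses are constructed.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Tuple

# WBEM ports registered with IANA: 5988 for CIM-XML over HTTP, 5989 over HTTPS.
# A management interface should only be reachable on the TLS port.
WBEM_HTTPS_PORT = 5989


def cim_http_headers(namespace: str, method: str) -> Dict[str, str]:
    """HTTP extension headers DSP0200 requires alongside the XML body of a method call."""
    return {
        "Content-Type": 'application/xml; charset="utf-8"',
        "CIMOperation": "MethodCall",
        "CIMMethod": method,
        "CIMObject": namespace,
    }


def build_enumerate_instances(namespace: str, class_name: str, msg_id: int = 1) -> bytes:
    """Serialise an EnumerateInstances intrinsic method call for class_name in namespace."""
    cim = ET.Element("CIM", CIMVERSION="2.0", DTDVERSION="2.0")
    msg = ET.SubElement(cim, "MESSAGE", ID=str(msg_id), PROTOCOLVERSION="1.0")
    call = ET.SubElement(ET.SubElement(msg, "SIMPLEREQ"), "IMETHODCALL",
                         NAME="EnumerateInstances")
    ns_path = ET.SubElement(call, "LOCALNAMESPACEPATH")
    for part in namespace.split("/"):   # "root/emc" becomes two NAMESPACE elements
        ET.SubElement(ns_path, "NAMESPACE", NAME=part)
    param = ET.SubElement(call, "IPARAMVALUE", NAME="ClassName")
    ET.SubElement(param, "CLASSNAME", NAME=class_name)
    return ET.tostring(cim, encoding="utf-8", xml_declaration=True)


def parse_response(body: bytes) -> Dict[str, object]:
    """Decode a CIM-XML response into {'error': (code, description) or None,
    'instances': [(classname, {property: value}), ...]}.
    The body comes from a management endpoint, so a production client should
    parse it with defusedxml; the stdlib parser is used here to stay self-contained."""
    root = ET.fromstring(body)
    err = root.find(".//IMETHODRESPONSE/ERROR")
    if err is not None:
        return {"error": (int(err.get("CODE")), err.get("DESCRIPTION", "")), "instances": []}
    instances: List[Tuple[str, Dict[str, Optional[str]]]] = []
    for inst in root.iter("INSTANCE"):
        props: Dict[str, Optional[str]] = {}
        for prop in inst.findall("PROPERTY"):
            value = prop.find("VALUE")
            props[prop.get("NAME")] = None if value is None else value.text
        instances.append((inst.get("CLASSNAME"), props))
    return {"error": None, "instances": instances}


# Constructed response in the SIMPLERSP shape; every value below is made up.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="utf-8"?>
<CIM CIMVERSION="2.0" DTDVERSION="2.0"><MESSAGE ID="1" PROTOCOLVERSION="1.0"><SIMPLERSP>
<IMETHODRESPONSE NAME="EnumerateInstances"><IRETURNVALUE>
 <VALUE.NAMEDINSTANCE>
  <INSTANCENAME CLASSNAME="EMC_NetworkPort">
   <KEYBINDING NAME="DeviceID"><KEYVALUE VALUETYPE="string">PORT-0</KEYVALUE></KEYBINDING>
  </INSTANCENAME>
  <INSTANCE CLASSNAME="EMC_NetworkPort">
   <PROPERTY NAME="DeviceID" TYPE="string"><VALUE>PORT-0</VALUE></PROPERTY>
   <PROPERTY NAME="PermanentAddress" TYPE="string"><VALUE>500000000000AA01</VALUE></PROPERTY>
   <PROPERTY NAME="Speed" TYPE="uint64"><VALUE>8000000000</VALUE></PROPERTY>
  </INSTANCE>
 </VALUE.NAMEDINSTANCE>
 <VALUE.NAMEDINSTANCE>
  <INSTANCENAME CLASSNAME="EMC_NetworkPort">
   <KEYBINDING NAME="DeviceID"><KEYVALUE VALUETYPE="string">PORT-1</KEYVALUE></KEYBINDING>
  </INSTANCENAME>
  <INSTANCE CLASSNAME="EMC_NetworkPort">
   <PROPERTY NAME="DeviceID" TYPE="string"><VALUE>PORT-1</VALUE></PROPERTY>
   <PROPERTY NAME="PermanentAddress" TYPE="string"><VALUE>500000000000AA02</VALUE></PROPERTY>
   <PROPERTY NAME="Speed" TYPE="uint64"/>
  </INSTANCE>
 </VALUE.NAMEDINSTANCE>
</IRETURNVALUE></IMETHODRESPONSE></SIMPLERSP></MESSAGE></CIM>"""

# Constructed error response: CIM_ERR_INVALID_CLASS is status code 5 in DSP0200.
SAMPLE_ERROR = b"""<CIM CIMVERSION="2.0" DTDVERSION="2.0"><MESSAGE ID="2" PROTOCOLVERSION="1.0">
<SIMPLERSP><IMETHODRESPONSE NAME="EnumerateInstances">
<ERROR CODE="5" DESCRIPTION="CIM_ERR_INVALID_CLASS"/>
</IMETHODRESPONSE></SIMPLERSP></MESSAGE></CIM>"""
```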

A successful SMI implementation

ECOM is vital to the successful implementation of SMI. Implementing SMI has two requirements: a WBEM server and an SMI provider. The WBEM server is responsible for routing requests and managing SMI providers. An SMI provider uses an Application Programming Interface (API) to communicate with devices and retrieve their information in CIM format. In this scenario the ECOM service and the EMC SMI-S Provider are paired together to implement an SMI-compliant interface.

EMC SMI-S Provider
Source: The EMC SMI-S Provider Programmers Guide

So what makes this the EMC SMI-S Provider as opposed to a generic SMI-S provider? Because of the exceedingly large number of classes available in CIM, and their broad nature, profiles were created. Profiles allow CIM to be used for specific domains: a profile defines the set of classes and properties that must be used to model the managed resource. The EMC SMI-S Provider is made up of the array providers, and the profiles from these providers allow an SMI-S client to retrieve information from, or make changes to, specific storage systems.

First steps with the WordPress administration area

WordPress 101 – First steps with the WordPress administration area

Now that you have finished installing WordPress on your desktop or server, it is time to get familiar with the WordPress administration area. I will take you through some of the basics of using the web interface and begin customising your website.

Logging in to the WordPress administration area

The first step to using WordPress is accessing the WordPress administration area, or the backend of your website. You can access the WordPress login page by adding “wp-admin” to the end of your URL (e.g. http://mywebsite.com/wp-admin). You will be presented with a form prompting you for a username and password. If you recall, during the installation process we created a username and password, which you will enter into this form. Please note this is not the MySQL username and password.

WordPress administration login: username and password

The Dashboard

After logging into the administration page you will be greeted with the Dashboard. In WordPress a Dashboard is the main administration screen for a site. It summarizes information about the site in one or more Widgets that you can add and remove. The Dashboard is also where you will plant the seeds of your new website – creating pages, writing posts, designing the layout and making the website your own.

Starting at the top of this page we can see the toolbar. The toolbar contains links to information about WordPress, as well as quick-links to create new posts, pages and links, add new plugins and users, review comments, and alerts to available updates to plugins and themes on your site. It also has a handy link to directly view your new website by clicking on your name.

wordpress administration toolbar

On the left side of the WordPress administration page is the main navigation menu, which is where you will perform most of your functions. As you move your cursor down this list you will see a number of sub lists pop out detailing further actions. You should get familiar with this menu – Poke around at the various options and sub menus available.

Viewing your posts

A post is a single article within a blog. What you are reading right now is a post. Assuming you are using the default WordPress theme then you will only have one post to work with in the beginning. This post will be visible on the front page, or the homepage of your website. Go take a look for yourself by navigating to your website using the WordPress toolbar. If you click on the title of the post it will bring you to the page of the post. Alternatively you can also view the post by clicking the ‘View’ button in the posts page:

WordPress administration: posts

Posts are usually stored in Categories and/or Tags so you can keep related topics together. Every Post in WordPress is filed under one or more Categories. Categories allow the classification of your Posts into groups and subgroups. Tags are the keywords you might assign to each post. The difference is that tags have no relationship to each other. They can be completely random for each post. Tags provide another means to aid your readers in accessing information on your blog. Looking at the screenshot above you can see that post is in the WordPress category, and does not have any tags.

Viewing your pages

Pages are not to be confused with posts. Pages are for content such as “About”, “Contact me”, etc. For example, I have an about me page. They live outside of your blog’s home page. To look at your pages you can click on the ‘Pages’ option in the navigation menu. One thing to note is that normal web pages can be either static or dynamic. Static pages are created once and do not have to be regenerated every time a person visits the website. If you take a look at my about me page you might think that it is static – nothing changes on this page whenever you visit it. However, almost everything in WordPress is generated dynamically, including pages.

As I discussed in my previous post on WordPress installation, everything published within WordPress is stored in the MySQL database. When the page is accessed, the database is queried by the WordPress template from your theme and the web page is generated. Technically this would be considered a “pseudo-static” page, as static information is generated dynamically by the template. I will discuss this further in future posts, so stay tuned.

By default you will not have any pages available to look at, so try creating one and see what happens. How does your page look?

Looking for more?

For now I would recommend taking a look at the WordPress Codex, but in future posts I aim to expand on the details behind pages, posts, templates, themes, plugins, and anything else related to WordPress that I can.

Thanks for reading!

Recovering the partition table of a corrupted USB stick using TestDisk

Recovering the partition table of a corrupted USB

Yesterday I came across an extremely useful utility called TestDisk. I managed to rescue my Dad’s micro-SD card when all hope looked lost. Somehow the micro-SD card’s partition table became corrupted after his phone got wet. I had never heard of corruption-by-water before, but I guess that’s a thing!

First signs of partition table corruption

The first problem we noticed after drying the phone out was that most of the apps on his Android device were missing. After removing the memory card and re-inserting it, a message popped up saying that he needed to format the card before it could be used. Obviously this doesn’t sound good, and my first thought jumped straight to water damage. Despite this, I powered on to see if I could avoid formatting the device. After attaching it to my desktop a similar message appeared: You need to format the disk in drive G: before you can use it.

Windows prompt to format the disk

In Disk Management I could see the device as a RAW filesystem, so the first thing I did was open up DISKPART to see if that could manipulate the partition. With DISKPART I encountered a weird problem: there was only one partition (Partition 1) and it was marked as active (denoted by a *), yet all commands failed with an error stating that a partition must be selected. This also meant that CHKDSK would not work either. Still refusing to give up, I moved on to the tried-and-trusted GParted ISO VM, but this only gave me the option of creating a new partition table, which in turn would require formatting the device.

TestDisk – My saviour

It was at this point I happened to stumble across a utility called TestDisk while trying to Google a solution for my corruption issue. Their website states that TestDisk is a free and open source data recovery software tool designed to recover lost partitions and unerase deleted files. Recovering a lost partition sounded like exactly what I needed, so I figured I would give it a go, and it worked! TestDisk managed to rescue the partition table and restore partition 1 as the active partition. We plugged the memory card back into my Dad’s phone and voilà, all his apps were back to normal.

How to use TestDisk to recover a partition table

While I’m here I figure I may as well show you how to use TestDisk and the procedure I followed. The first prompt you receive after launching the TestDisk executable is whether or not you wish to create a log file of the completed actions. If you choose to create the text file, testdisk.log, it will contain TestDisk options, technical information and various outputs, including any folder/file names TestDisk was used to find and list on screen. I went with ‘No Log’:

TestDisk log partition table

Now we are good to go with finding the partition.

  1. First, choose your media device. Mine was listed as ‘Disk /dev/sdd’ at the time. You can choose the appropriate device with the arrow keys on your keyboard.
  2. Next, choose your partition table type from the list. For this step I went with ‘EFI GPT’.
  3. Lastly, choose the ‘Analyse’ option. At this point I was given a message stating that there were no partitions found, but after another scan it found the primary partition.
  4. Use the arrow keys to navigate to the partition and press the return key (Enter).
  5. Now you will be given the option to ‘Write’ the partition table.

This managed to successfully recover the partition table without formatting the SD card, therefore retaining all of the data. I am so happy I stumbled across TestDisk, and I know I’m going to end up needing it again in the future.
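As an added example (added here, not TestDisk’s code), the checks a recovery tool has to make during the ‘Analyse’ step on a GPT-partitioned device, in Python against a constructed 1 MiB image: validate the primary header at LBA 1 (signature, header CRC, partition-entry array CRC), and if it is damaged fall back to the backup header at the last LBA, which is what makes the partition recoverable when only the primary copy is corrupt. The disk and partition GUIDs are constructed; the partition type GUID is the well-known Microsoft basic data value.

```python
import struct
import uuid
import zlib

SECTOR = 512
HEADER_FMT = "<8sIIIIQQQQ16sQIII"   # 92-byte GPT header, little-endian, as in the UEFI spec
ENTRY_FMT = "<16s16sQQQ72s"         # 128-byte partition entry
N_ENTRIES, ENTRY_SIZE = 128, 128    # minimum array the spec requires: 16 KiB = 32 sectors
ARRAY_SECTORS = N_ENTRIES * ENTRY_SIZE // SECTOR
SIGNATURE = b"EFI PART"
BASIC_DATA = uuid.UUID("EBD0A0A2-B9E5-4433-87C0-68B6B72699C7")  # Microsoft basic data type GUID


def _header(my_lba, alt_lba, first_usable, last_usable, disk_guid, array_lba, array_crc):
    fields = [SIGNATURE, 0x00010000, 92, 0, 0, my_lba, alt_lba, first_usable, last_usable,
              disk_guid.bytes_le, array_lba, N_ENTRIES, ENTRY_SIZE, array_crc]
    fields[3] = zlib.crc32(struct.pack(HEADER_FMT, *fields))  # CRC is taken with its own field zeroed
    return struct.pack(HEADER_FMT, *fields).ljust(SECTOR, b"\0")


def build_image(total_sectors=2048):
    """Constructed 1 MiB image: protective MBR, primary GPT, one data partition, backup GPT."""
    first_usable = 2 + ARRAY_SECTORS                 # LBA 34
    last_usable = total_sectors - 2 - ARRAY_SECTORS  # leaves room for the backup array and header
    name = "Basic data partition".encode("utf-16-le").ljust(72, b"\0")
    entry = struct.pack(ENTRY_FMT, BASIC_DATA.bytes_le, uuid.UUID(int=0x1111).bytes_le,
                        first_usable, last_usable, 0, name)
    array = entry.ljust(N_ENTRIES * ENTRY_SIZE, b"\0")
    array_crc = zlib.crc32(array)
    disk_guid = uuid.UUID(int=0x2222)                # constructed disk GUID
    backup_array_lba = total_sectors - 1 - ARRAY_SECTORS
    image = bytearray(total_sectors * SECTOR)
    image[510:512] = b"\x55\xAA"                     # protective MBR boot signature only
    image[SECTOR:2 * SECTOR] = _header(1, total_sectors - 1, first_usable, last_usable,
                                       disk_guid, 2, array_crc)
    image[2 * SECTOR:2 * SECTOR + len(array)] = array
    image[backup_array_lba * SECTOR:(total_sectors - 1) * SECTOR] = array
    image[(total_sectors - 1) * SECTOR:] = _header(total_sectors - 1, 1, first_usable, last_usable,
                                                   disk_guid, backup_array_lba, array_crc)
    return bytes(image)


def check_header(image, lba):
    """Validate the GPT header at lba: returns (problems, parsed) with parsed None if unusable."""
    raw = image[lba * SECTOR:(lba + 1) * SECTOR]
    if raw[:8] != SIGNATURE:
        return [f"LBA {lba}: no 'EFI PART' signature"], None
    f = struct.unpack(HEADER_FMT, raw[:92])
    hsize, hcrc, my_lba, array_lba, count, esize, array_crc = f[2], f[3], f[5], f[10], f[11], f[12], f[13]
    if not 92 <= hsize <= SECTOR:
        return [f"LBA {lba}: implausible header size {hsize}"], None
    problems = []
    if zlib.crc32(raw[:16] + b"\0\0\0\0" + raw[20:hsize]) != hcrc:
        problems.append(f"LBA {lba}: header CRC mismatch")
    if my_lba != lba:
        problems.append(f"LBA {lba}: MyLBA field says {my_lba}")
    array = image[array_lba * SECTOR:array_lba * SECTOR + count * esize]
    if len(array) != count * esize or zlib.crc32(array) != array_crc:
        problems.append(f"LBA {lba}: partition entry array CRC mismatch")
    return problems, {"array_lba": array_lba, "count": count, "entry_size": esize}


def list_partitions(image, hdr):
    parts = []
    for n in range(hdr["count"]):
        off = hdr["array_lba"] * SECTOR + n * hdr["entry_size"]
        ptype, _guid, first, last, _attrs, name = struct.unpack(ENTRY_FMT, image[off:off + ENTRY_SIZE])
        if ptype == b"\0" * 16:                      # unused slot
            continue
        parts.append({"type": str(uuid.UUID(bytes_le=ptype)), "first_lba": first,
                      "last_lba": last, "name": name.decode("utf-16-le").rstrip("\0")})
    return parts


def analyse(image):
    """The decision a recovery tool faces: is the primary header usable, and if not,
    does the backup copy at the last LBA still describe the partitions?"""
    total = len(image) // SECTOR
    p_problems, primary = check_header(image, 1)
    b_problems, backup = check_header(image, total - 1)
    usable = primary if not p_problems else (backup if not b_problems else None)
    return {"primary": p_problems, "backup": b_problems,
            "partitions": list_partitions(image, usable) if usable else []}


def wipe_primary_signature(image):
    """Simulate the damage seen on the card: the primary header is no longer recognisable."""
    damaged = bytearray(image)
    damaged[SECTOR:SECTOR + 8] = b"\0" * 8
    return bytes(damaged)
```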

How to edit a WordPress site offline on your Windows desktop using WAMP

WordPress: How to edit your site offline on your Windows Desktop using WAMP

In my previous post I covered the installation of WordPress with WAMP. You might want to read that before continuing here! Now that I have wampserver and WordPress installed and running on my desktop it’s time to import my production site so I can make changes offline. Once again I have another gripe with the WordPress documentation – There isn’t enough detail on this topic. How to move your WordPress site to edit it offline should be discussed in the “Moving WordPress” section of their Codex. I tried reading the above section but it’s so generic it’s mostly unhelpful. With this post I aim to help anyone in a similar situation to me.

Backing up your online WordPress site

Your WordPress database contains every post, every comment and every link you have on your blog. If your database gets erased or corrupted, you stand to lose everything you have written. While I could go through the process of doing everything manually, I decided to make use of the various plugins available in WordPress. I started with “UpdraftPlus – Backup/Restore” but in order to make use of migrate and export options I needed to buy another plugin for that plugin – Yeah, not happening. Next up I decided to take a look at a plugin named “Backup Guard” which seems to work great so far.

First off I installed Backup Guard on the production site. After installation there is a new entry in the sidebar for “Backup Guard”. Clicking on the Backup Guard entry will bring you to the following GUI, where you can complete a backup or import a previous backup. I performed a manual backup and you can see it completed successfully:

Backup Guard: manual backup completed

I connected to the production site via SFTP and transferred the backup to my local desktop. Swapping over to the offline instance of WordPress I tried to import the backup, however it told me the file was too large (67MB) but offered me an alternative:

Backup Guard: backup file too large to upload

If your file is larger than 2MB you can copy it inside the following folder and it will be automatically detected: C:\WAMP\www\wordpress\wp-content\uploads\backup-guard

Please note your directory may be different depending on where you installed WordPress. So I did just that: copied my sgbp file to the above folder, and it appeared once I returned to the Backup Guard section again. Now I just needed to click the restore button and hope everything went to plan:

Backup Guard: restore a backup

This process took approximately a minute or so and then I was brought back to the login prompt again. At first I felt a little panicky because the credentials I set up in the previous installation were not being accepted. Then I realised my mistake: the credentials being requested were those of my live website rather than the offline instance – silly me! After logging in, all of my pages and posts from the production website were visible on my offline instance. The import was a success!

Much easier than I expected – Highly recommend Backup Guard!

How to install WordPress locally on your Windows desktop using WAMP

WAMP Server: How we can use it to edit WordPress sites offline

Now that we have a fundamental understanding of how a WordPress theme functions, it’s time to start using WordPress.

To run WordPress on any machine there are a few requirements:
  • PHP version 5.6 or greater
  • MySQL version 5.6 or greater OR MariaDB version 10.0 or greater
  • Web server software such as Apache

This may seem like an intimidating list of software to source and download one-by-one, but that won’t be necessary. This is where WAMP comes into play!

What is WAMP and why do I need it?

WampServer is a Windows web development environment. It allows you to create web applications with Apache2, PHP and a MySQL database. Alongside it, phpMyAdmin lets you manage your databases easily. It is an all-in-one package containing everything that WordPress requires, so our lives have suddenly become much easier. There are other packages for Windows such as XAMPP, the biggest difference being that WAMP runs only on Windows while XAMPP is multi-platform. Aside from that it’s a matter of personal preference: they both provide an Apache-MySQL-PHP environment that runs pretty much the same under both systems.

Installing wampserver on Windows

Before installing WordPress you will need to download and install wampserver on your Windows desktop. Double click on the downloaded file and just follow the instructions. Everything is automatic. The WampServer package is delivered with the latest releases of Apache, MySQL and PHP.

You will need to choose the installation directory for WAMP – the recommendation being that you do not install to “Program Files” but instead into a folder in the root directory, as there could potentially be some permissions issues. I installed it to C:\WAMP, which worked fine. At one point during the installation, WampServer will ask for the location of the default web browser and text editor. WampServer will automatically choose notepad.exe and Internet Explorer as the default options, but these can be changed if needed.

Once the installation completes successfully you should see the ‘W’ icon in your notification area:

WampServer icon in the notification area

If you don’t, you will need to start WampServer by finding the entry in your Start menu. On Windows 8 my entry looked like this:

WampServer icon in the Start menu

Creating a database for WordPress to use

Before installing WordPress you will need to create a database that WordPress can use. To do this we will need to access one of the WampServer features, named phpMyAdmin. The easiest method of accessing this is to left-click the WampServer icon and click on phpMyAdmin:

phpmyadmin entry in wamp server

This will open a new browser window to http://localhost/phpmyadmin with a login prompt (Or you can just go to this URL manually). The default credentials here are root with no password. When you log in you may notice the big warning at the bottom of the page stating “You are connected as ‘root’ with no password, which corresponds to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a password for user ‘root’.” Sounds scary but this is not a problem as long as this is only a local installation.

Click on the Databases tab at the top of the page, which will give you a list of the current databases and allow you to create a new database. In the ‘Create database’ menu enter a name for your database. I called mine ‘wordpress’ for simplicity’s sake:

wordpress database in wamp phpmyadmin

Download and install WordPress on Windows

Don’t worry, we’re almost there! Now it’s time to go and grab yourself a copy of WordPress from their website. This will download a .zip file which you will need to unzip. Once unzipped you will find a wordpress folder, which you will need to move to C:\WAMP\www. So my directory structure looks like C:\WAMP\www\wordpress. As soon as the copy completes you should be able to access WordPress in your web browser at http://localhost/wordpress. If you rename the wordpress folder to mysite then you would access it via http://localhost/mysite. You should be prompted to choose your language for WordPress. WordPress will then inform you that it is going to create a wp-config file using the information provided in the following steps. If for any reason this automatic file creation doesn’t work, don’t worry. All this does is fill in the database information in a configuration file. You may also simply open wp-config-sample.php in a text editor, fill in your information, and save it as wp-config.php.

On the next page you will need to enter your database details. Here is what mine looks like:

Wordpress database information using wamp

If you recall in the earlier steps I created a database named wordpress and we logged in using the default credentials of root and no password. If this works you can proceed to the next steps with a very friendly message:

All right, sunshine! You’ve made it through this part of the installation. WordPress can now communicate with your database. 

Now we can proceed with actually installing WordPress!

On the next page it will ask you for:

  • A website title – What is the name of your website? I just named mine offline.
  • A username for logging in with
  • A password for the above username
  • An email address

If the installation succeeds you should then be brought to the login prompt where you will need to enter the username and password you just created.

What now?

Whatever you want! You now have a fully functional installation of WordPress which you can use for testing and offline development. Have fun!!

If you want to learn more take a look at a few of my other WordPress posts:

WordPress – The theme hierarchy

How to edit a WordPress site offline on your Windows desktop using WAMP

WordPress – The theme hierarchy

Theme hierarchy in WordPress – The anatomy of a theme

What is the WordPress theme hierarchy / template hierarchy? Well, let me explain.

My cousin asked me to develop a website for her father’s business. Initially I thought this would be a great learning experience, as I knew the basics of web development (HTML, CSS, PHP, and a bit of JavaScript) but had never completed a full website before. I slowly but surely realised just what I had landed myself in!

To cut a long story short I decided it would be best to create and implement a WordPress theme. I’ve always heard this makes content management very straightforward and doesn’t require much knowledge of PHP / HTML for managing. Sounds perfect – Unless you’re the one developing the WordPress theme in which case it’s an absolute pain!

Had I known how difficult this would be, I definitely would not have chosen to develop a WordPress theme for my first development job. The first hurdle I encountered was understanding the theme hierarchy. See, what I did at first was simply hard-code an index.php and styles.css and upload them as a “theme”. Then I tried to create a new page from within WordPress and that wouldn’t work – it kept bringing me back to index.php. I had also tried to create a contact.php with the company contact details – now how do I get this to appear in WordPress? Hmmmm..

At this point I learned about the WordPress Theme Hierarchy. I didn’t really understand it, but I knew it was how WordPress determines which template file(s) to use on individual pages. So I kept trying numerous different implementations, none of which worked. I read multiple blog posts and just ended up confused, until I saw ‘template-loader.php’ being mentioned somewhere, and this is what finally made me understand the theme template hierarchy. Show me in code and I’ll understand!

Let’s take a look:

Screenshot of template-loader.php

Examining this file is what finally made everything click for me in terms of how pages get selected, and the reason why creating a new page in the WordPress GUI was not working: I only had an index.php! Basically, this code steps through each of the query context conditionals in a specific order, and defines the template to use for the first one that returns true. So in my case, only index.php was being found and so only the contents of index.php were being returned.

When a person browses to your website, WordPress selects which template to use for rendering that page. As we learned earlier in the Template Hierarchy, WordPress looks for template files in the following order:

  • Page Template — If the page has a custom template assigned, WordPress looks for that file and, if found, uses it.
  • page-{slug}.php — If no custom template has been assigned, WordPress looks for and uses a specialized template that contains the page’s slug. A slug is a few words that describe a post or a page. If the page slug is recent-news, WordPress will look to use page-recent-news.php.
  • page-{id}.php — If a specialized template that includes the page’s slug is not found, WordPress looks for and uses a specialized template named with the page’s ID. If the page ID is 6, WordPress will look to use page-6.php.
  • page.php — If a specialized template that includes the page’s ID is not found, WordPress looks for and uses the theme’s default page template.
  • index.php — If no specific page templates are assigned or found, WordPress defaults back to using the theme’s index file to render pages.
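To make that lookup order concrete, here is an added Python model of the page lookup (a simulation written for this post, not WordPress’s PHP): it builds the candidate list in the order above, falls back to index.php, and keeps the check WordPress applies to an assigned custom template through its validate_file() function, simplified here. The theme file sets are constructed.

```python
import re
from typing import Iterable, List, Optional
from urllib.parse import unquote


def validate_file(path: str) -> int:
    """Simplified model of WordPress's validate_file(): 0 = acceptable,
    1 = contains directory traversal, 2 = absolute Windows drive path.
    A template name that fails this check is dropped from the candidate list."""
    path = re.sub(r"/+", "/", path.replace("\\", "/"))
    if "../" in path or path.endswith("/.."):
        return 1
    if len(path) > 1 and path[1] == ":":
        return 2
    return 0


def page_template_candidates(custom_template: Optional[str], slug: Optional[str],
                             page_id: Optional[int]) -> List[str]:
    """Template file names in the order the hierarchy tries them for a page."""
    candidates: List[str] = []
    if custom_template and validate_file(custom_template) == 0:   # assigned Page Template
        candidates.append(custom_template)
    if slug:
        decoded = unquote(slug)             # WordPress tries the URL-decoded slug first
        if decoded != slug:
            candidates.append(f"page-{decoded}.php")
        candidates.append(f"page-{slug}.php")
    if page_id:
        candidates.append(f"page-{page_id}.php")
    candidates.append("page.php")
    return candidates


def resolve_page_template(theme_files: Iterable[str], custom_template: Optional[str] = None,
                          slug: Optional[str] = None, page_id: Optional[int] = None) -> Optional[str]:
    """First candidate present in the theme; index.php is the final fallback."""
    files = set(theme_files)
    for candidate in page_template_candidates(custom_template, slug, page_id):
        if candidate in files:
            return candidate
    return "index.php" if "index.php" in files else None


# Constructed themes: one with index.php as its only template, and one with specialised templates.
BARE_THEME = {"index.php", "style.css"}
FULL_THEME = {"index.php", "page.php", "page-recent-news.php", "page-6.php",
              "templates/contact.php", "style.css"}
```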

I realise this is just the basic knowledge needed but I hope to discuss this further. Writing here helps me understand and get my thoughts clear.