Monday, June 11, 2012

Adventures in new machines

Ok, switching to a new machine and moving all your tools to it always sucks, but really, I mean really, it shouldn't be this hard! I've been working on getting Delphi installed on my machine for the past 4+ hours so that I could start working on Satori again (yes, it is written in Delphi; I still hate C and C++, though one of these days I swear I'll learn it). Ok, I'm running an ANCIENT version of Delphi, Delphi 6, but I refuse to pay $900 to get the latest version, and since I didn't upgrade over the years I can't get by on the cheaper upgrade price of $500, or whatever it was.

The saga starts: install Delphi 6. Program from 2001 or so, 1 CD install, flies. Launch it, Windows 7 whines, Delphi 7 isn't supported.... Huh, this is Delphi 6. Click past the stupid error and it works fine. It didn't like the debugger I don't think, but oh well, it installed. Oh, new machine: Borland only lets you install 3 times or so before they make you email in on a rebuild to bump your license count. On the plus side, they got back to me in under 30 mins having bumped my license limit (thanks Bryce, very impressed).

Ok, go to open Satori, missing VirtualStringTree, try to install that, missing XP Theme Manager, install that. Missing this component, then this, then that. Damn, I'd forgotten how many little components I'd added to Satori over the years (time to write it command line only already, more on that shortly). While I was at it, oh, let's go ahead and get the latest version of XYZ, hey, why doesn't this work anymore, oh yeah, I'd added my own little code into their file for the convenience factor since it needed extending. ARRGGGHHHH.... 4 hours later Satori opens and compiles again! YEAH!

Satori cmd line - ok, I made a Linux version 3 or so years ago, cmd line only, and I'm thinking of expanding that and doing a Windows/Linux version that is cmd line only. Been doing a ton of Snort stuff lately, and the way Snort/Barnyard2/BASE all work together makes me think I should look at doing that again. Get Satori to just write to file as fast as it can, maybe doing the fingerprinting lookup, maybe leaving that to a secondary piece of software that would also dump it into a DB. Then get a pretty front end to read it near real time out of the DB. All a pipe dream now, no free time to do any of this, but it is on my mind to do one of these days. If I do do that, I'll most likely be switching it all over to Free Pascal and Lazarus, or maybe I'll get real bold and convert the whole thing to C++, wouldn't that be a kick (why do I hate C/C++ so much.....). Anyway, long story short, Satori can be compiled on my machine again and maybe I'll do some updates. Oh, and Satori is getting used a bit more, more on that in another post down the road.

Saturday, June 9, 2012

Forensics Contest #10

Well, it has been a while since they released one to the public, but the Lake Missoula Group has released a new puzzle. Besides just network forensics, this time it appears to have some HD forensics required! If time permits I hope to get to this in the near future. You have until 7/23/12 to submit your answers. Contest #10 can be found here.