
Sunday, August 11, 2013

Sixty Lions on the Ellis Hotel's Cornice - Really - I Counted Them

The Ellis Hotel was the Winecoff Hotel, scene of a tragic fire, December 7, 1946, in which 119 people died. Allen Goodwin's Winecoff Fire Remembrance Page is a moving, historical reminder. Another Atlanta tragedy, the Orly Crash in 1962, killed 130.

That needs to be said, but this is the Architecture Tourist and we are here to talk about sixty lions on the cornice.


The Winecoff opened in 1913. William Lee Stoddart designed it as well as the Georgian Terrace and the Ponce Apartments.

Can you see the lions from down here?

I'd never have noticed except that whitespace put together an exposition for Stanley Beaman & Sears studio on the top floor of "Davisons" featuring art by Ann Stewart and Seana Reilly.

This was a 3-fer: Art, Architecture, Elevation so I went.

When I got out of the elevator on the 6th floor, the Ellis cornice was right in my face.

What do you think of the cornice detailing? And it has lions.

Lions-in-the-cornice has been a good look for a long time. See The Metropolitan Museum of Art's Limestone cornice with a lion's head, early 4th century B.C.

I had to count them.

The south cornice has three.

The east cornice (facing Peachtree Street) has 25.

The north cornice (facing Ellis Street) has 29.

The west cornice has three.

But what's the story on Lion 45?



Daily Blog #49: Sunday Funday 8/11/13

Hello Reader,
It's that time again, Sunday Funday time! For those not familiar, every Sunday I throw down the forensic gauntlet by asking a tough question. To the winner go the accolades of their peers and prizes hopefully worth the time they put into their answer. This week I am changing things up and letting the winner pick their choice of prizes!

The Prize:
The Rules:
  1. You must post your answer before Midnight PST (GMT -7)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful 
  6. Anonymous entries are allowed, please email them to dcowen@g-cpartners.com
  7. In order for an anonymous winner to receive a prize they must give their name to me, but I will not release it in a blog post

The Challenge:
This week on the Forensic Lunch we have been talking about OSX and Time Machine forensics. So let's have an OSX/Time Machine challenge!

You have been given a Time Machine drive that had multiple systems backing up to it over the network. After imaging it you need to determine what has been done. Answer the following questions:

1. What are the different types of backups you could find on a Time Machine drive?
2. How can you distinguish which host's backup you are looking at?
3. How would you extract a single backup for a specific date?
4. What is the difference between a Time Machine backup and a .mobilebackup?

There, that's not too bad now, is it? I look forward to your answers!

Dupe Alert: Chanel Rouge Coco Shine in Boy & Hourglass Femme Rouge Velvet Crème Lipstick in Edition!



When I reviewed Hourglass Femme Rouge Velvet Crème Lipstick in Edition, Sara made the comment that it reminded her of her favorite Chanel Rouge Coco Shine in Boy- which was precisely what I had thought when I swatched it.



I decided to find Boy and swatch them to see, and wouldn't you know it- they are nearly identical!


In fact, so much so that if you have one and are considering

Saturday, August 10, 2013

Mata Thai | Affordable Thai Food


28th July 2013
Mata Thai is located near the CPF Building at Bishan. It is my third time visiting this neighbourhood Thai restaurant and I always find the food to be okay. Their strength seemed to lie in their main courses and for a Thai restaurant, I am convinced they can’t do Thai desserts.


It is my first time trying their Fish Head Curry, which was recommended by my sister and brother-in-law, although I am not sure how Thai this dish is. That doesn't matter because this is some good stuff. The curry was really good together with their white rice. My gripe with this dish however is the fish. The flesh was a bit chalky which could be a sign of frozen fish. Then again, maybe it is just the kind of fish they use. I am happy with the curry.


I wanted to order Phad Thai but in some confusion it ended up as Tang Hoon with Prawns (6.00 SGD). They are very generous with the prawns. The stir-fried glass noodles were decent too.



Desserts were a let-down. The Tapioca was tasteless and the Mango Sticky Rice just didn’t make the cut with its dried out glutinous rice and slices of sour mango. Overall, I think I would come back again for the main courses and skip the desserts. The prices are wallet-friendly here too. The total bill was about 10-15 per pax with drinks, rice, desserts and main courses included.

Mata Thai
#01-390, Blk 508 
Bishan Street 11

Joe & Dough | Bread for the Average Joe



3rd August 2013.
After much research and bouncing of messages on Facebook with my two fellow Moose, I surrendered (I can't beat them when it comes to being argumentative) and let them decide the place to meet up, and to my delight we met somewhere really affordable at Millenia Walk.



Let’s just say company and affordability were the saving grace here. The Vanilla Latte (5.80 SGD) was not bad but the Croissant (2.80 SGD) was disappointing. While I appreciate that they warm it up for you, this croissant is comparable to those served on planes. It deflates the moment you hold it in your hand and lacks the buttery fragrance I seek.



Joe & Dough
Millenia Walk
9 Raffles Boulevard #02-31
Singapore 039596

They have another outlet at Marina Bay Link Mall as well.

Opening Hours:
Mon - Fri : 0730 - 1900
Weekend & P.H : 0900 - 1900

Daily Blog #48: Saturday Reading 8/10/13

Hello Reader,
It's Saturday! Hooray! The week is over and FedEx pickup ends earlier today, meaning you either have extra time in the lab or some time at home. Either way, get some coffee and let's get our forensic reading going.

1. Joachim Metz has updated his volume shadow specification paper, not this week but recently enough that I didn't read it until this week. If you are at all curious about how the volume shadow service data structures are stored then read this for what I believe to be the most detailed guide outside of whatever internal team at Microsoft developed it. In addition, if you care more about the usage of volume shadow copies in your analysis and the existence of unallocated space in VSCs, you should read this paper he presented, which will answer questions you didn't even know you had.

2. Did you read yesterday's blog? No? Oh well we had another Forensic Lunch with David Nides, Kyle Maxwell, Joseph Shaw and the fine fellows I work with at G-C Partners. Tune in and keep up with what I think was a great hour of forensic discussion.

3. Andrea London has posted the slides for her talk at DefCon, http://www.strozfriedberg.com/wp-content/uploads/2013/08/DefCon-2013.pdf, titled 'The Evidence Self Destructing Message Apps Leave Behind'. Her talk covers a wider base of these applications than I've seen covered before and it's a good read as she and Kyle O'Meara go deep into the file system internals and network traffic exchanged.

4. Lenny Zeltser posted a nice retrospective of how teaching Malware Analysis has grown, http://blog.zeltser.com/post/57795714681/teaching-malware-analysis-and-the-expanding-corpus-of. It's a nice short read and reinforced the idea that his advice remains the same 10 years later:
  • Too many variables to research without assistance
  • Ask colleagues, search Web sites, mailing lists, virus databases
  • Share your findings via personal Web sites, incidents and malware mailing lists

5. If you are doing USB device forensics and have a Windows 8 system that Woanware's USB Device Forensics application does not support yet, then check out TzWork's USB Storage Parser. So far it's the only tool I have that takes the multiple Windows 8 USB artifacts and combines them into a single report of activity.

6. Hal Pomeranz put out a new Command Line Kung Fu entry this week, http://blog.commandlinekungfu.com/2013/08/episode-169-move-me-maybe.html, always a good read.

7. On an earlier Forensic Lunch you may have heard Rob Fuller talk about anti-forensic custom hard drive firmwares. Going more into that topic, here is a great article about hard drive hacking that shows how these firmware changes are researched, implemented and performed. If you are dealing with an advanced subject you might want to be aware of these new possibilities! http://spritesmods.com/?art=hddhack

8. In this week's Forensic Lunch we talked about parsing carved binary plists. For those of you looking to implement your own parsers or just trying to understand the format better, here are two sources. The first is the OSX code for binary plists, http://opensource.apple.com/source/CF/CF-550/CFBinaryPList.c, and the second is a great write-up on plist forensics by CCL, http://www.cclgroupltd.com/images/property%20lists%20in%20digital%20forensics%20new.pdf.

That's all I have for this Saturday Reading. I hope these links are enough to get you through your day. Tomorrow is Sunday Funday and I have yet another challenge waiting for you to solve. This week we will have 'winners choice' where the winner can pick from a free ticket to PFIC or a year license to AccessData's Triage tool!

Friday, August 9, 2013

Daily Blog #47: Forensic Lunch 8/9/13

Hello Reader,
Going to try something different today and see if I can embed our Forensic Lunch live stream in the blog!

Forensic Lunch is something we are trying to do every Friday where we talk about updates to research from around the community as well as our challenges and successes here in the G-C Lab. If all goes well you can watch the show either live or recorded in the embedded YouTube below!



Tomorrow is Saturday Reading and I have some good articles and papers to pass on and don't forget Sunday for our weekly forensic contest!

9th August 2013 | The Singapura Images


9th August 2013.
It is Singapore's 48th Birthday today.
I didn't manage to finish the originally planned 48 images for National Day but here is a glimpse of what I have done and played around for the past 2 months : First there was transportation in Singapore.




Then it was food, with the Gordon Ramsay thing...






The vintage travel posters:



Then there was the "Tin Tin" series:




It was SAF Day and there was the NS-related stuff.




Pok Pok & Away!

Daily Blog #46: Understanding the Artifacts USBStor

Hello Reader,
No time to finish my Gmail code review so I'm going to continue the Understanding the Artifacts posts to keep things going. I got some good responses yesterday from the prolific Joachim Metz regarding what he's seen in User Assist keys, which I updated the post to include. The more we share our knowledge with each other the better picture we have of what's true and what's possible, so if you see something you feel is missing please let me know and I'll incorporate it!

USBStor

Most of us doing forensics are familiar with the USBStor key; we look to it to identify USB devices plugged into a system and identify the make, model (unless it's generic) and serial number (as Windows reports it) of the device. USBStor also has at least two sister keys, IDE (for physical disks) and SBP2stor (for FireWire), all of which serve the same purpose. This is one of the first registry artifacts many examiners are made aware of, as what USB external storage devices have been attached is so important to most investigations. Many times I'm asked, as I've stated in the prior post, 'Is the computer logging this to track us? Did the NSA request this feature?'. The answer is, as far as I know, no.

Instead, the USBStor key and its sister keys are all related to a convenience mechanism for the user that is greatly appreciated: they associate a known device with its loaded driver. Without these keys, every time you inserted an external device (USB, eSATA, FireWire in this example), the system would have to look up the driver to load, check to see if it has the driver and load it. Instead, thanks to the caching of known device-to-driver pairs, the device quickly comes up on each subsequent plug-in.

You might ask why it does not stop keeping knowledge of devices after so many days. The answer is that it's more inefficient to check and expire registry keys, and then recreate them in the future if the device is plugged in again, than to just store them, since hard drive space is no longer at a premium.

This understanding can help you to explain odd scenarios. For instance, let's say a generic USB device was plugged in (many white-labeled devices do not identify a specific manufacturer) and from its name you cannot determine what kind of device it was, storage or connectivity of some kind (CDROM, phone, MP3 player that does not expose its file system). You can look at the driver loaded to determine what functionality Windows made available to the custodian and how the custodian could have made use of it on this system.
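As an added illustration (not code from the original post), the sketch below reads a .reg-style export of the USBSTOR key and pulls out the make, model, Windows-reported instance ID and the `Service` value that names the loaded driver. The sample export is constructed, and the rule that an instance ID whose second character is `&` was generated by Windows rather than read from the device is common examiner practice, not something the post states.

```python
import re

# Constructed sample laid out like a .reg export of Enum\USBSTOR (not real evidence).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\5&2f1a9c3&0&1]
"Service"="disk"
"FriendlyName"="Generic Flash Disk USB Device"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\5&2f1a9c3&0&1\Device Parameters]
"Service"="constructed-subkey-value"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\CdRom&Ven_ExampleCo&Prod_Installer&Rev_1.00\EX0123456789&0]
"Service"="cdrom"
"FriendlyName"="ExampleCo Installer USB Device"
'''

# Matches only USBSTOR\<device id>\<instance id>, not deeper subkeys.
KEY_RE = re.compile(r'^\[.*\\Enum\\USBSTOR\\([^\\\]]+)\\([^\\\]]+)\]$', re.I)
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Examiner-side interpretation of the class driver named in Service (assumption).
SERVICE_MEANING = {"disk": "exposed as a disk volume", "cdrom": "exposed as an optical drive"}


def parse_device_id(dev_id):
    """Split 'Disk&Ven_x&Prod_y&Rev_z' into type, vendor, product, revision."""
    parts = dev_id.split("&")
    fields = {"type": parts[0], "vendor": "", "product": "", "revision": ""}
    for part in parts[1:]:
        for prefix, key in (("Ven_", "vendor"), ("Prod_", "product"), ("Rev_", "revision")):
            if part.startswith(prefix):
                fields[key] = part[len(prefix):]
    return fields


def parse_usbstor_export(text):
    """Return one dict per device instance found in the export text."""
    devices, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = parse_device_id(key.group(1))
            inst = key.group(2)
            current.update(instance_id=inst, service=None, friendly_name=None,
                           windows_generated_id=len(inst) > 1 and inst[1] == "&")
            devices.append(current)
        elif line.startswith("["):
            current = None  # another key or subkey: stop attributing values
        elif current is not None:
            value = VALUE_RE.match(line)
            if value and value.group(1).lower() == "service":
                current["service"] = value.group(2)
            elif value and value.group(1).lower() == "friendlyname":
                current["friendly_name"] = value.group(2)
    return devices


def describe(dev):
    """One-line summary tying the device to the functionality its driver implies."""
    role = SERVICE_MEANING.get((dev["service"] or "").lower(), "driver needs research")
    return f'{dev["vendor"]} {dev["product"]} [{dev["service"]}]: {role}'


if __name__ == "__main__":
    for device in parse_usbstor_export(SAMPLE_EXPORT):
        print(describe(device), "| id:", device["instance_id"])
```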

It's this kind of deeper understanding that will lead to better explanations, testimony and fact finding. I hope you look to understand deeper and let me know if you think there is functionality that I'm missing in the comments below!

Thursday, August 8, 2013

Bistro@Changi | Planes, Memories and Makan


29th July 2013.
Pasir Ris, Simei and Tampines will bring back memories for those who have been to Pulau Tekong. But for a perm staff like me, Changi Village was an equally sentimental place where I used to go for nights out or food after booking out from camp.


One of my favourite places besides Changi Village Food Centre’s Ipoh Hor Fun was Bistro@Changi where I had company cohesions, birthdays, the once-in-a-while treat after a tough week, reunion and ORD during my time on Tekong.
It is a relatively exclusive little eatery located at Changi Beach Park where you could enjoy the cooling sea breeze (straits actually) and watch planes descending upon Changi International Airport. For a plane spotter, this is the place to be where you can enjoy food, drinks and do plane-watching.
If possible I would normally start off with a bowl of their signature Mushroom Soup (5.90 SGD), a well-balanced creamy mushroom soup that comes with a slice of garlic bread.

Changi Bistro - Mushroom Soup

My favourite item on the menu is their Flame Grilled Chicken Chop (15.90 SGD) formerly “Hickory Chicken Chop” but still the same. It was the good old tender boneless chicken chop marinated with a tasty hickory barbeque sauce.


Still on their menu after 4 years is the Sambal Fish, grilled dory topped with spicy (very spicy) sambal sauce and served with buttered rice.

Changi Bistro - Ultimate Nachos

However, my new favourite on their menu has got to be their New Zealand Lamb (19.90 SGD), a beautifully grilled “to perfection” leg of lamb served with a delicious peppery sauce.

Changi Bistro - New Zealand Lamb

If you just want something to chill out with, such as snacks or light bites, their Ultimate Nachos (8.00 SGD) is still on the menu. Crispy nachos served hot and topped with mozzarella cheese and jalapeno chilli with a salsa dip at the side, a perfect comfort food to spend the evening with some nice drinks from the bistro's bar.

Changi Bistro - Ultimate Nachos

Otherwise, you can go local with the Bistro’s Satay (11.90 SGD). It may be pricey for a satay at 1.90 per stick but these are some really good satay comparable with Chuan Kee’s at Old Airport Road.

Changi Bistro - Bistro's Satay

Currently they are figuring out a name for a special cocktail. I shall just call it the "Changi Calamansi" for now. It is a cocktail with lime and sour plum which is very refreshing and rather sweet. They have two versions. Version 2 has a stronger punch of alcohol while version 1, my preference, is more enjoyable for the relaxing atmosphere along Changi Beach.

Changi Bistro - "Changi Calamansi"

I would like to come back here again for their Tom Yum Mussels or Barramundi in Thai Sauce if I do visit Changi Village again or cycle there from East Coast. The place is unpretentious, the food is decent, the ambience is top-notch (if you don’t mind alfresco dining) and the place holds great sentimental value for me.

Changi Bistro - Woof!

Bistro@Changi
260 Nicoll Drive
Changi Beach Carpark 1
Singapore 498991

Operating Hours
Mon - Thurs             12pm - 11pm
Fri, Sat                   12pm - 1am
Sun                       10am - 11pm

How to Get There:
Bus Services : - 89, 19, 9
Alight at Changi Beach CP 2 Bus Stop.

Special thanks to Brandon for the invitation back to this memorable place!

Moving the Little House a Little Means a Lot - Inman Park

The cottage is about 94 years old and it has a new story to tell. They moved it about 130 feet. It already has a Facebook page: At the Collective part of the new Krog Street Market. This was Tuesday morning, August 6, 2013.

The move was as much fun as an architecture tourist can have. In the process the movers, contractors, developers, and sidewalk superintendents felt an unexpected camaraderie. We were all smiles at the end and the good cheer has lasted me for 36 hours.

Why'd they move it? Why didn't they just tear it down?


It's the only house on that side of the block but I doubt many noticed.

Folks lived there up until about a year ago; Google street view still has a picture. Real estate sites say it's 1,080 square feet, built in 1920. The "1920" is probably wrong.

It's cute but it was in the way, almost a victim of the Atlanta BeltLine which made the development of Krog Street Market possible. For you non-Atlantans: The BeltLine is a really big deal.

In most circumstances they'd have torn it down. Instead, it's a great preservation story.

That's because it's in Inman Park and Inman Park is strong and strict. And it's because folks are more preservation minded these days. Aren't they?

Cottage at 723 Lake Ave. to be moved to the corner of Waddell Street for Krog Street Market
It was in the way, smack in the middle of the space. The "Inman Park overlay Historic District" said they couldn't mess with it.

Then at a meeting of developers and city planners someone wondered, "Can we move it?"

They laid foundations at the corner of Lake Street and Waddell.

They hired Roy Bishop House Movers from Stockbridge and went to work.


This is what they had to do.


They fiddled and rocked and tweaked and brought it home.

This was "the man" John Kinard, owner of Roy Bishop House Movers. During the move he was calm, quiet and serious. When it was done, he smiled, chatted, iPhoned, and headed out to the next job.

He told me it is well built, that if they'd braced it wrong they'd have broken it in half. He said there was a hidden chimney and if they hadn't found it and braced it properly it might have been trouble.

The Paces Properties folks were certainly happy, another milestone on the way to opening Krog Street Market.

Now for some TLC.

This is the corner of Lake and Waddell before, thanks to Google street view.

The cottage at its new home looking fine; it went from invisible to anchor.

I took way too many pictures and videos of the move.


