Wednesday, August 14, 2013
Surya Brasil Amazonia Preciosa Hands & Body Lotion Review
Press Sample
The Surya Brasil Amazônia Preciosa line features cosmetic products for skin and hair care, which promote beauty while respecting nature.
They are more than just natural cosmetics; they are organic cosmetics! They are rich in plant oils, essential oils, extracts, butters and other active ingredients that promote the benefits of nature in its purest state, composing a
Daily Blog #52: Understanding the artifacts LNK Files
Time to continue the series on understanding the artifacts, building up to a deeper understanding of proving usage. Today we are going to go into a well-known artifact, LNK files, and then move through Jump Lists, MRU keys and the other artifacts we use to establish use, and explain how to stitch them together. Along the way we will detail the nuances that can change your opinion or possibly lead to misinterpretation.
LNK files are one of the simplest artifacts and many, many, many people have written about them. Here are some of my favorite LNK write-ups if you are reading this and are not familiar with them:
http://www.forensicswiki.org/wiki/LNK
http://www.forensicfocus.com/link-file-evidentiary-value
http://windowsir.blogspot.com/2013/06/there-are-four-lights-lnk-parsing-tools.html
The funny thing about artifacts as simple as LNK files is that they reveal as much information to the examiner as they care to know. When I do interviews for a position at G-C I ask a series of questions relating to artifacts and what they mean to the examiner. This isn't a trick question, which I explain to the interviewee, but rather a gauge to determine how far down the rabbit hole the examiner has gone. As an example for LNK files I would ask the following to an interviewee:
'What can you determine from a LNK file'
I can determine the rough expertise of an examiner by how many of the following points they answer with. I then take this in combination with other artifact questions/scenarios and the level of depth they answer to determine their level of forensic experience rather than focus on their resume.
Beginner Answer:
A LNK file reveals what files and/or programs a user accessed.
Intermediate Answer:
A LNK file reveals what files and/or programs a user accessed and the network path and MAC address of where the access took place.
Experienced Answer:
A LNK file reveals what files and/or programs a user accessed and the network path and MAC address of where the access took place. In addition it contains the timestamps captured from the file and/or program being accessed that represents the file at the time the access took place.
Senior Answer:
A LNK file reveals what files and/or programs a user accessed and the full path\network path and MAC address of where the access took place. In addition it contains the timestamps captured from the file and/or program being accessed that represents the file at the time the access took place. It also contains the volume serial number of the device which you can use to match the LNK back to the volume the file came from if not a network data source. In addition LNK files contain shell items allowing the examiner to determine the type of folder being accessed (volume/network/file/uri).
Expert Answer:
A LNK file contains two sets of timestamps relevant to the examiner. The first set of MAC times belongs to the LNK file itself: its creation date reveals when the file was first accessed as recorded by this LNK file, and its modification time records the last time the LNK file was updated and should reflect the last successful access. The second set of dates is maintained within the LNK file and represents the MAC times of the file being accessed, as of the last successful access to the file through the LNK file. To determine prior states of the file, you can examine the restore points (XP), shadow copies (Win 7) and carved LNK files to find all the other versions of this LNK file that also uniquely reference this file and volume serial number/shell item. Each updated set of internal MAC times represents another successful access of the file through the LNK file and should be counted towards usage.
Now if you noticed, I didn't say the Expert Answer had to go into depth on the technical structure of what can be contained within a LNK file. That isn't as important to me as the ability to properly interpret what the data means in the context of analysis. I assume that anyone who can give me an expert answer already has the technical knowledge of the file format to give additional facts when needed, but I find that people who give just technical information are missing the larger picture of what the data means in their analysis and what they can prove with it.
So with that said, tomorrow we will continue on with usage artifacts. Do you think I missed something or do you have an even better answer? Leave it in the comments, I'm always interested in additional views on analyzing familiar artifacts!
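The second timestamp set from the Expert Answer, as an added example (not code from the original post): this Python code reads the target's embedded created/accessed/modified times from the 76-byte shell link header and groups several recovered versions of one LNK by the distinct internal timestamp sets they carry. The sample headers and source labels are constructed; the LNK file's own MAC times come from the file system, not from these bytes.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HEADER = struct.Struct("<I16sIIQQQI")  # fields up to FileSize; full header is 76 bytes


def filetime_to_dt(ft):
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC; 0 means "not set".
    return EPOCH_1601 + timedelta(microseconds=ft // 10) if ft else None


def parse_lnk_header(data):
    """Return the target file's timestamps and size as stored inside the LNK."""
    if len(data) < 76:
        raise ValueError("shorter than a shell link header")
    size, clsid, _flags, _attrs, created, accessed, written, fsize = \
        HEADER.unpack_from(data)
    if size != 0x4C or clsid != LINK_CLSID:
        raise ValueError("not a shell link")
    return {"target_created": filetime_to_dt(created),
            "target_accessed": filetime_to_dt(accessed),
            "target_modified": filetime_to_dt(written),
            "target_size": fsize}


def distinct_target_states(versions):
    """versions: (source label, LNK bytes) pairs that reference the same target.
    Returns {internal timestamp set: [sources carrying it]}."""
    states = {}
    for label, blob in versions:
        h = parse_lnk_header(blob)
        key = (h["target_created"], h["target_accessed"],
               h["target_modified"], h["target_size"])
        states.setdefault(key, []).append(label)
    return states


def build_header(created, accessed, written, fsize):
    # Constructed sample: a bare header with no link info or shell items.
    times = [int((t - EPOCH_1601).total_seconds()) * 10_000_000
             for t in (created, accessed, written)]
    return HEADER.pack(0x4C, LINK_CLSID, 0, 0x20, *times, fsize) + bytes(20)


def sample_versions():
    # Constructed: the same LNK recovered from three places.
    day = lambda d, h, m: datetime(2013, 8, d, h, m, tzinfo=timezone.utc)
    old = build_header(day(1, 9, 0), day(5, 14, 30), day(5, 14, 0), 1024)
    new = build_header(day(1, 9, 0), day(12, 10, 15), day(12, 10, 0), 2048)
    return [("shadow copy", old), ("carved from unallocated", old), ("live volume", new)]
```

Two distinct internal timestamp sets across the three recovered copies correspond to two recorded accesses through the LNK, which is the counting the Expert Answer describes.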
GUI Designer: Koda 1.7.3.0
What's new:
- Graphic editor
- Better support of limited accounts and UAC under Vista/Seven
- Styles editor allows multiple selection
- Icons in additional controls (Tab, ListView, TreeView)
- Redone Object tree, with support of editable descriptions
- Awareness of GUI_SS_DEFAULT styles
- And many smaller changes (see full history)
New version 1.7.2.0 is out!
What's new:
- Added small abilities that appeared in the latest beta of AutoIt
- Improved language system
- Improved update checking
- Improved site
New version 1.7.1.0 is out!
What's new:
- Customizing colors
- External import framework
- Custom controls (ones that are available via standard UDFs)
- Rewritten support for icons - now it supports full color ones
- Better support (bugtracker, wiki)
Bugfix release 1.7.0.1 is out!
After another year, new version 1.7.0.0 is out!
Most significant changes in this release:
- Customizable toolbars
- Undo support
- Aligning palette
- Import Autoit GUI scripts
- Full help file, with context sensitive help support
After a long period of development and testing, new release 1.6.0.0 is finally here! Thanks to all who support us and helped get this work done!
Most significant changes from previous release:
- New, faster and more reliable form read/write routines.
- Rewritten form list handling code
- Menus support (with visual editor)
- Obj support (with visual browser)
- Templates-based code generation
- Generating event-based code
- Help file (unfinished)
WinRAR 5.00 Beta 8 (32-bit)
Wc3isk v2.1 RC 7 – Warcraft 3 Inventory Hotkey
Wc3isk, or Warcraft III Inventory Short Key, is a support tool for Warcraft III. The other name of this tool is Active Inventory HotKey. This tool works like a keyboard driver; unlike other tools, it does not hack into Warcraft III. So, it is safe to use with battle.net or Garena.
- Support Multimedia Keyboard and Gaming Keyboard.
- Support 5-buttons Wheel Mouse.
- Support chatting (native) (v2.1 or newer).
- Work like a keyboard driver.
- Does not hack into Warcraft III or Garena.
- Legal to all Anti-Virus.
- Only one single file, extract and run.
- Very Small (77KBs).
- Config dialog auto show up when running program for the first time.
- Keyboard control software (e.g. Setpoint, itouch…) should be turned off.
- Keyboard Hot-key ON/OFF (F7) can be changed.
- You can press hot-key while holding Shift for way point function.
- Enable Wheel support will also lock scroll wheel.
- In Windows Vista/7, Wc3isk must run under administrator privilege (Run as Administrator).
- Alt-F4 is reserved for fast closing.
- To know which keys are available for hot-key, please read “Readme.txt”.
- Annoying balloon tips can be disabled in tab “Info…”.
- Series v2.1 are special builds for DoTA, maybe incompatible with other maps.
- Version for x86 system will also work in x64 system but it comes with some unexpected bugs.
- SPACE is not working. You want it, you pay for it. You have to accept that so-call buggy.
- Number button (above button QWERTY) when use with Shift will make conflict. Combination Shift + [1] will set [1] with function “focus on hero” also overridden numpad function. There is no cure for this, not for version 2.1rc7 or older version.
wc3isk v2.1 RC7
- Change key [space] into available Hotkey.
wc3isk v2.1 RC6
- Fix silly mouse bug ‘out side’ war3, occur in wc3isk v2.1 rc5
- Fix mouse hotkey serious bug (one mouse click and there goes 16 times hotkey)
- Fix button [`].
- Fix minor bugs in key/mouse capture engine.
- V2.1 series are special builds for DoTA, other map may be incompatible.
wc3isk v2.1 RC4
- Re-construct the whole key capture engine.
- Make new rules on assigning hot-key.
- Support chatting (native).
- Minor tweaks on GUI.
- Put option Show Config on start.
- Minor tweaks on mouse capture.
- Bugs fix in wc3isk v2.1 rc3.
- Fix minor bug in chatting and in new key capture engine.
- V2.1 series are special builds for DoTA, other map may be incompatible.
wc3isk v2.0+
- Core engine from v2.1 RC2
- Remove chat support feature to make it compatible with all maps.
wc3isk v2.0f
- Release on Dec-1-2009.
- Already known as final version.
- Windows 7 supported.
- Update some minor functions.
- Auto acquire Admin Privilege (use with Garena).
wc3isk v2.0d
- Fix Keyboard Hot-key bugs in v2.0c.
- Fix Wheel issues.
- Add function: “Enable Mouse Support” for who want mouse capture.
- Improve Mouse capture engine.
- Add function: “Disable Wheel Scroll”.
- F8 – Toggle ON/OFF keyboard Hot-key.
wc3isk v1.0d
- ESC will now cancel assign key.
- Fix some issues when assign one key to more than one button.
- Decrease picture size by convert to JPEG and load with JPEG support lib.
- Improve key detect engine.
- Support multimedia keyboard.
- Fix some minor issues.
- Tweak on executable file size.
wc3isk v1.0
- The first stable version.
Make offer to earn money
On August 14, 2013, 8:58 AM Breaking News
Microsoft has announced that Windows 8.1 will begin rolling out to users worldwide on October 18th at 12am New Zealand time (4am PT on October 17). The update will hit retail channels a day later, with new devices running Windows 8.1 and boxed copies of the software expected to be available. For everyone currently running Windows 8, Microsoft will be delivering Windows 8.1 as a free update through the Windows Store.
As previously reported, the update brings a number of new features and improvements over Windows 8. The Start button will partially return, search and multi-tasking have been greatly enhanced, the Start screen has been improved including new customization options, and the OS has been optimized for smaller tablets.
Microsoft is expected to deliver final Release to Manufacturing (RTM) code to OEMs by the end of August, as recent reports have indicated. Unlike previous years, the RTM code will not be made available to TechNet and MSDN subscribers before the general launch in October. Instead, Microsoft is expected to work on several zero-day patches during the time between RTM and release, fixing minor issues discovered by OEMs.
In the lead up to the Windows 8.1 launch on October 18th, expect to see many new devices emerge from the shadows running the new OS. It's possible that we'll see Microsoft line-up the next-generation Surface launch with the release of Windows 8.1, marking the one year anniversary of both the original Surface RT and Windows 8. Other OEMs are also expected to show off smaller Windows-powered tablets, making use of Microsoft's small-screen optimizations.
Lam's Noodle House | Signature Specialty Noodle
Six Things You Should Know About Me + A Giveaway!
Lucky for you, you don’t have to get on a plane to Korea to take part in the Korean cosmetic boom! I have spent the better part of two years living, learning, and loving the country of Korea and in honor of my return home to America, my friends and I are giving little old you the opportunity to get your hot little hands on a whole slew of Korean cosmetics and beauty products.
2. Winner will be contacted no later than the 23rd. Winner will have 48 hours to respond; if winner does not respond within 48 hours, a new winner will be notified by email.
3. Sit back and relax because I’ll package your pretty little package up and get it in the mail. Contest is only open to U.S. residents.
Bourjois Laser Toppings Nail Polish Review & Swatches
“Top Coat” nail polishes have been super popular recently with lots of brands bringing out different formulations (such as confetti, glitter & opal top coats) to switch up your usual plain nail style. The most recent is by Bourjois with their new Laser Toppings, to add a bit of sparkle and glitter to everyday nails.
Very sorry for this picture heavy post - I just think they are too beautiful not to photograph!
Without an undercoat
So Laque Glossy in BC Beige & Laser Toppings in Sun Scale
So Laque Glossy in Adora Bleu & Laser Toppings in Blue Neon
Violet Couture & Laser Toppings in Aqua Purple
The Laser Toppings include tiny little shiny, metallic strips in a clear base which remind me a little of the Nails Inc Feather collection. These can be used alone & built up to create a full-on opaque glitter nail, but as you can see above these toppings really stand out and come alive when paired with a base coat of the same shade. The Beige & Sun Scale combination is my current favourite for an everyday nail art look. I recommend these if you're looking to jazz up basic blocks of colour on the nails with something a little more interesting than just plain glitter.
These are available now for £5.99 each in your local Boots & Superdrug stores.
Will you be purchasing these babies? What's your favourite current nail top-coat?
xxx
Tuesday, August 13, 2013
Daily Blog #51: Understanding the artifacts USNJrnl
I'm going to change tracks this week and focus on a deeper understanding of the USNJrnl and its associated artifacts to prove usage from our challenge two weeks ago. To prepare for this series I want to take a bit to explain what each of the artifacts we rely on for proof of usage were created for. When we are complete I hope you will look at your cases in a different way.
Today we are going to talk about the USNJrnl. The USN Jrnl, or Update Sequence Number Journal, aka the Change Journal, was first introduced in Windows 2000 but didn't get enabled by default until Windows Vista (that I know of; please leave a comment if you have evidence of other default states/OSes). I have seen it enabled for EFS encrypted drives on XP but I can't say if that's a default setting. The concept of the change journal was simple: many programs need to know when files are changed so they can be backed up, compressed, scanned, replicated, etc.
Prior to the change journal, a developer would have to register hooks or shims into the operating system for all reads and writes to be notified that a file is being created/modified/deleted and to process it. The Change Journal gave the developer a central API to monitor that covered all subscribing functions and prevented a lot of unnecessary overhead. You can read more about the basics of the Change Journal here on Wikipedia. The original announcement of it was made in September 1999 and can be found here; it's interesting that it took as long as it did for it to be enabled by default. You can see that it was being marketed to developers as a way to centrally monitor file system changes and improve performance.
The current change journal development documents are here, and if you are relying on change journal evidence in your cases you should be familiar with the use case scenario, because things are not as black and white as they appear. What do I mean by that? In our testing we've found that a file left open overnight and accessed at different times will create multiple USN open/close/delete events. You cannot rely on the file open and file close times of a file to determine total time of access; it may only be showing you the times of activity against a file that was open the entire time. In addition we've found file close/file delete being used to close a file handle but not to delete the file itself.
I'm going to go into more detail on how individual Change Journal operations work and get logged as we move forward, so I don't want to get ahead of myself. So in summary, remember that the Change Journal keeps track of file system changes for the benefit of those subscribing services. If you are unsure of a pattern of records you're seeing, the best thing you can do is build a virtual machine and try to recreate those actions to validate your assumptions. The Change Journal is not as simple as we all thought it to be! Tomorrow I'm going to continue talking about usage artifacts and then go into depth on the Change Journal and the rest of them.
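The interpretation caveat above, as an added example (not code from the original post): this Python code parses USN_RECORD_V2 entries and groups each file's records into bursts of logged activity that end at a close record. The journal bytes, file name and file reference are constructed to mirror the overnight scenario; the bursts show when the journal logged activity, and the gap between them says nothing about whether the file stayed open.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
USN_V2 = struct.Struct("<IHHQQqqIIIIHH")  # fixed 60-byte part of USN_RECORD_V2
CLOSE = 0x80000000                        # USN_REASON_CLOSE


def parse_usn_records(buf):
    """Walk a buffer of USN_RECORD_V2 entries, skipping zero-filled gaps."""
    off, out = 0, []
    while off + USN_V2.size <= len(buf):
        (length, major, _minor, file_ref, _parent, usn, ts, reason,
         _src, _sid, _attrs, name_len, name_off) = USN_V2.unpack_from(buf, off)
        if length == 0:            # padding: step to the next 8-byte boundary
            off += 8
            continue
        if major != 2 or length < USN_V2.size or off + length > len(buf):
            break                  # not a V2 record, or truncated: stop cleanly
        name = buf[off + name_off:off + name_off + name_len].decode("utf-16-le")
        out.append({"file_ref": file_ref, "usn": usn, "reason": reason, "name": name,
                    "time": EPOCH_1601 + timedelta(microseconds=ts // 10)})
        off += length
    return out


def activity_bursts(records):
    """Per file name: (start, end, reasons) for each run of records ending in CLOSE."""
    bursts, pending = {}, {}
    for r in sorted(records, key=lambda r: r["usn"]):
        start, reasons = pending.get(r["file_ref"], (r["time"], 0))
        pending[r["file_ref"]] = (start, reasons | r["reason"])
        if r["reason"] & CLOSE:
            start, reasons = pending.pop(r["file_ref"])
            bursts.setdefault(r["name"], []).append((start, r["time"], reasons))
    return bursts


def build_record(file_ref, usn, when, reason, name):
    # Constructed sample data laid out like USN_RECORD_V2 (parent reference 5).
    raw = name.encode("utf-16-le")
    length = (USN_V2.size + len(raw) + 7) & ~7
    ft = int((when - EPOCH_1601).total_seconds()) * 10_000_000
    head = USN_V2.pack(length, 2, 0, file_ref, 5, usn, ft, reason, 0, 0, 0x20,
                       len(raw), USN_V2.size)
    return (head + raw).ljust(length, b"\0")


def sample_journal():
    # Constructed: one document written in the evening and again the next morning.
    d = lambda day, h, m, s=0: datetime(2013, 8, day, h, m, s, tzinfo=timezone.utc)
    rows = [(100, d(12, 18, 0), 0x2), (180, d(12, 18, 0, 5), 0x2 | CLOSE),
            (260, d(13, 8, 30), 0x1), (340, d(13, 8, 30, 2), 0x1 | CLOSE)]
    recs = [build_record(0x0001000000000042, u, t, why, "report.docx") for u, t, why in rows]
    return recs[0] + recs[1] + bytes(16) + recs[2] + recs[3]
```

On the sample, the two bursts cover seven seconds of logged activity spread over more than fourteen hours, so summing close-to-close windows would badly understate a file that was open the whole time.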
The Organic Pharmacy Collagen Boost Mask: Review
At this point I am sure that you are abundantly aware that The Organic Pharmacy is one of my greatest skincare discoveries in many many years. This is such an amazing line that the more products that I try, the more I realize that one can have amazingly effective skincare without all of the chemicals. Their Collagen Boost Mask is one of my recent discoveries, and I have to say that it is a
Deal Alert: Burberry Lip Cover Soft Satin Lipstick Set: Nude Beige, Tea Rose & Dusty Rose, Oh My! Available at Nordstrom! Swatches!
Purchased by me. Affiliate link.
This gorgeous Burberry Lip Cover Soft Satin Lipstick Set just resurfaced on the Nordstrom website, and I popped one right into my cart until I realized that I already had this set!!! For my full review, click here.
Burberry Lip Cover Soft Satin Lipstick hydrates lips while providing full coverage and beautiful color. Light texture provides intense moisture