A digital device can be the proof of innocence of an accused. In this case, the digital evidences retrieved on the device constitutes a digital alibi.
Many studies have been shown how it is possible to set up a PC or any other digital device in order to automatically produce digital evidences. How is reliable a digital alibi?
In this project, we show a novel techniques to set up a false digital alibi using Apple operating system, Mac OS X 10.7.3 (also called Lion). We demonstrate that you can create digital evidences in very simple modes, simulating operations easily attributable to human activities and where the produced traces remain indistinguishable to a post-mortem analysis on the computer. This work emphasizes how the probative value of digital evidence should always be evaluated together with traditional investigation techniques.
Do They Really Smell Bad? A Study on Developers' Perception of Bad Code SmellsFabio Palomba
In the last decade several catalogues have been defined to characterize bad code smells, i.e., symptoms of poor design and implementation choices. On top of such catalogues, researchers have defined methods and tools to automatically detect and/or remove bad smells. Nevertheless, there is an ongoing debate regarding the extent to which developers perceive bad smells as serious design problems. Indeed, there seems to be a gap between theory and practice, i.e., what is believed to be a problem (theory) and what is actually a problem (practice). This paper presents a study aimed at providing empirical evidence on how developers perceive bad smells. In this study, we showed to developers code entities—belonging to three systems— affected and not by bad smells, and we asked them to indicate whether the code contains a potential design problem, and if any, the nature and severity of the problem. The study involved both original developers from the three projects and outsiders, namely industrial developers and Master students. The results provide insights on characteristics of bad smells not yet explored sufficiently. Also, our findings could guide future research on approaches for the detection and removal of bad smells.
Next! - An Android application to support tourists activitiesFabio Palomba
Next! is an Android application born to support tourist activities providing historical informations, videos, images. Moreover, Next! “automatically” know what is the nearest place closest to user interests, through the use of social network.
Detecting Bad Smells in Source Code using Change History InformationFabio Palomba
Code smells represent symptoms of poor implementation choices. Previous studies found that these smells make source code more difficult to maintain, possibly also increasing its fault-proneness. There are several approaches that identify smells based on code analysis techniques. However, we observe that many code smells are intrinsically characterized by how code elements change over time. Thus, relying solely on structural information may not be sufficient to detect all the smells accurately. We propose an approach to detect five different code smells, namely Divergent Change, Shotgun Surgery, Parallel Inheritance, Blob, and Feature Envy, by exploiting change history information mined from versioning systems. We applied approach, coined as HIST (Historical Information for Smell deTection), to eight software projects written in Java, and wherever possible compared with existing state-of-the-art smell detectors based on source code analysis. The results indicate that HIST’s precision ranges between 61% and 80%, and its recall ranges between 61% and 100%. More importantly, the results confirm that HIST is able to identify code smells that cannot be identified through approaches solely based on code analysis.
Software evolution often leads to the degradation of software design quality. In Object-Oriented (OO) systems, this often results in packages that are hard to understand and main- tain, as they group together heterogeneous classes with unrelated responsibilities. In such cases, state-of-the-art re-modularization tools solve the problem by proposing a new organization of the existing classes into packages. However, as indicated by recent empirical studies, such approaches require changing thousands of lines of code to implement the new recommended modularization. In this demo, we present the implementation of an Extract Package refactoring approach in ARIES (Automated Refactoring In EclipSe), a tool supporting refactoring operations in Eclipse. Unlike state-of-the-art approaches, ARIES automatically identifies and removes single low-cohesive packages from software systems, which represent localized design flaws in the package organization, with the aim to incrementally improve the overall quality of the software modularisation.
ARIES: An Eclipse Plug-in To Support Extract Class RefactoringFabio Palomba
During software evolution changes are inevitable. These changes may lead to design erosion and the introduction of inadequate design solutions, such as design antipatterns. Several empirical studies provide evidence that the presence of antipatterns is generally associated with lower productivity, greater rework, and more significant design efforts for developers. In order to improve the quality and remove antipatterns, refactoring operations are needed. In this demo, we present the Extract class features of ARIES (Automated Refactoring In EclipSe), an Eclipse plug-in that supports the software engineer in removing the “Blob” antipattern.
When and Why Your Code Starts to Smell BadFabio Palomba
In past and recent years, the issues related to man- aging technical debt received significant attention by researchers from both industry and academia. There are several factors that contribute to technical debt. One of these is represented by code bad smells, i.e., symptoms of poor design and implementation choices. While the repercussions of smells on code quality have been empirically assessed, there is still only anecdotal evidence on when and why bad smells are introduced. To fill this gap, we conducted a large empirical study over the change history of 200 open source projects from different software ecosystems and investigated when bad smells are introduced by developers, and the circumstances and reasons behind their introduction. Our study required the development of a strategy to identify smell- introducing commits, the mining of over 0.5M commits, and the manual analysis of 9,164 of them (i.e., those identified as smell- introducing). Our findings mostly contradict common wisdom stating that smells are being introduced during evolutionary tasks. In the light of our results, we also call for the need to develop a new generation of recommendation systems aimed at properly planning smell refactoring activities.
Do They Really Smell Bad? A Study on Developers' Perception of Bad Code SmellsFabio Palomba
In the last decade several catalogues have been defined to characterize bad code smells, i.e., symptoms of poor design and implementation choices. On top of such catalogues, researchers have defined methods and tools to automatically detect and/or remove bad smells. Nevertheless, there is an ongoing debate regarding the extent to which developers perceive bad smells as serious design problems. Indeed, there seems to be a gap between theory and practice, i.e., what is believed to be a problem (theory) and what is actually a problem (practice). This paper presents a study aimed at providing empirical evidence on how developers perceive bad smells. In this study, we showed to developers code entities—belonging to three systems— affected and not by bad smells, and we asked them to indicate whether the code contains a potential design problem, and if any, the nature and severity of the problem. The study involved both original developers from the three projects and outsiders, namely industrial developers and Master students. The results provide insights on characteristics of bad smells not yet explored sufficiently. Also, our findings could guide future research on approaches for the detection and removal of bad smells.
Next! - An Android application to support tourists activitiesFabio Palomba
Next! is an Android application born to support tourist activities providing historical informations, videos, images. Moreover, Next! “automatically” know what is the nearest place closest to user interests, through the use of social network.
Detecting Bad Smells in Source Code using Change History InformationFabio Palomba
Code smells represent symptoms of poor implementation choices. Previous studies found that these smells make source code more difficult to maintain, possibly also increasing its fault-proneness. There are several approaches that identify smells based on code analysis techniques. However, we observe that many code smells are intrinsically characterized by how code elements change over time. Thus, relying solely on structural information may not be sufficient to detect all the smells accurately. We propose an approach to detect five different code smells, namely Divergent Change, Shotgun Surgery, Parallel Inheritance, Blob, and Feature Envy, by exploiting change history information mined from versioning systems. We applied approach, coined as HIST (Historical Information for Smell deTection), to eight software projects written in Java, and wherever possible compared with existing state-of-the-art smell detectors based on source code analysis. The results indicate that HIST’s precision ranges between 61% and 80%, and its recall ranges between 61% and 100%. More importantly, the results confirm that HIST is able to identify code smells that cannot be identified through approaches solely based on code analysis.
Software evolution often leads to the degradation of software design quality. In Object-Oriented (OO) systems, this often results in packages that are hard to understand and main- tain, as they group together heterogeneous classes with unrelated responsibilities. In such cases, state-of-the-art re-modularization tools solve the problem by proposing a new organization of the existing classes into packages. However, as indicated by recent empirical studies, such approaches require changing thousands of lines of code to implement the new recommended modularization. In this demo, we present the implementation of an Extract Package refactoring approach in ARIES (Automated Refactoring In EclipSe), a tool supporting refactoring operations in Eclipse. Unlike state-of-the-art approaches, ARIES automatically identifies and removes single low-cohesive packages from software systems, which represent localized design flaws in the package organization, with the aim to incrementally improve the overall quality of the software modularisation.
ARIES: An Eclipse Plug-in To Support Extract Class RefactoringFabio Palomba
During software evolution changes are inevitable. These changes may lead to design erosion and the introduction of inadequate design solutions, such as design antipatterns. Several empirical studies provide evidence that the presence of antipatterns is generally associated with lower productivity, greater rework, and more significant design efforts for developers. In order to improve the quality and remove antipatterns, refactoring operations are needed. In this demo, we present the Extract class features of ARIES (Automated Refactoring In EclipSe), an Eclipse plug-in that supports the software engineer in removing the “Blob” antipattern.
When and Why Your Code Starts to Smell BadFabio Palomba
In past and recent years, the issues related to man- aging technical debt received significant attention by researchers from both industry and academia. There are several factors that contribute to technical debt. One of these is represented by code bad smells, i.e., symptoms of poor design and implementation choices. While the repercussions of smells on code quality have been empirically assessed, there is still only anecdotal evidence on when and why bad smells are introduced. To fill this gap, we conducted a large empirical study over the change history of 200 open source projects from different software ecosystems and investigated when bad smells are introduced by developers, and the circumstances and reasons behind their introduction. Our study required the development of a strategy to identify smell- introducing commits, the mining of over 0.5M commits, and the manual analysis of 9,164 of them (i.e., those identified as smell- introducing). Our findings mostly contradict common wisdom stating that smells are being introduced during evolutionary tasks. In the light of our results, we also call for the need to develop a new generation of recommendation systems aimed at properly planning smell refactoring activities.
Issues and implementation of a process for creating a false digital alibi.
The aim is to produce a state of the personal computer that confirming a false digital alibi, following the execution of an automated procedure, without leaving any traces of automation. The aim is to answer to the questions:
1) How reliable is a digital alibi?
2) May have been artificially created?
Within the project, are discussed the issues to consider while creating a false alibi on a machine running Mac OS X and is demonstrated that it is possible to produce artificially "human" traces of machine use.
Operationalizing Clojure in mature enterprises can be difficult. I'm presenting a case study from my experience deploying and maintaining a clojure application for delivering ad-free videos to ISS for NASA. The goal is to tease out the core principles that makes an application "operational".
Tools/Processes for serious android app developmentGaurav Lochan
I've managed a team that developed serious android apps, and ended up dabbling with tools out there and processes/systems. Here is a quick summary of the various things to think about if you're serious about android development, and in some cases, my recommendations.
This covers:
IDE
Build
Source Control
Bug/Task tracking
Crash reporting
Analytics
Test Automation
Continuous Integration
Device Matrix testing
Performance testing
Beta testing
A/B testing
Backend-as-a-Service
The InstallShield of the 21st Century – Theo SchlossnagleChef Software, Inc.
Today's systems are complex and the most successful products are SaaS. When you need to ship a SaaS architecture to someone (private SaaS) there are a lot of moving parts to install and maintain. I'll talk about what we do at Circonus to provide our complex software stack on large clusters on-premise using Chef as the orchestration framework.
Microservices and functional programmingMichael Neale
A talk I did recently on microservices and functional programming. Microservices are small, single purpose apps that are run as a service, which are usually composed together to provide the real app.
Delivered at Velocity Europe in Barcelona, this talk introduces "ops" people to the idea of user centered design, touching on several techniques long used in the design world, and talks about how those ideas might be applied to software and processes that we use every day.
The following Document outlines what we believe are the top 20 Windows tools every System Administrator should know or be familiar with. Some will you most likely already know about, but we hope you'll find plenty of information here that you didn't know.
Everyone that deals with Windows in a system administrator capacity has to know about Task Manager. The nice thing is it keeps getting better with each new version of Windows.
A beginners introduction to why Infrastructure as Code (IaC), why VMs and why containers.
Builds upon on Cattles and Pets analogy to drive home how containers make it possible to do IaC and in turn build resilient services
TechMentor Fall, 2011 - How to Resolve (Nearly) Every Windows 7 Application I...Concentrated Technology
You’ve been wanting to deploy Windows 7 since the date it came out. Far more secure and manageable than Windows XP and far less cranky than Windows Vista, getting on Windows 7 is what you need to make your job easier. What’s holding you up? It might be your applications. Some apps just don’t work atop Windows 7. Others need a little extra care to get them functioning. Microsoft recognizes this need and provides a suite of application compatibility tools like the Application Compatibility Toolkit and the Microsoft Assessment and Planning Toolkit that solve this problem. Yet both of these tools can be hard to use without help. Get that help with a jump start from Microsoft MVP and deployment expert Greg Shields. You’ll leave this session with everything you need to inventory your apps, determine the fixes they need, and remove all the hurdles to your Windows 7 migration.
Augustin Marty, CEO @deepomatic, discussed computer visions' progress thanks to deep learning, at the 2016 Hello Tomorrow Summit. He puts forward a solution to tackle the challenges in computer vision, making AI for every company. Learn more at www.deepomatic.com
Augustin Marty, CEO @deepomatic, discussed computer visions' progress thanks to deep learning at the 2016 Hello Tomorrow Summit. He put forward a solution to tackle the challenges in computer vision, making AI for every company.
Does Refactoring of Test Smells Induce Fixing Flaky Tests?Fabio Palomba
Regression testing is a core activity that allows developers to ensure that source code changes do not introduce bugs. An important prerequisite then is that test cases are deterministic. However, this is not always the case as some tests suffer from so- called flakiness. Flaky tests have serious consequences, as they can hide real bugs and increase software inspection costs. Existing research has focused on understanding the root causes of test flakiness and devising techniques to automatically fix flaky tests; a key area of investigation being concurrency. In this paper, we investigate the relationship between flaky tests and three previously defined test smells, namely Resource Optimism, Indirect Testing and Test Run War. We have set up a study involving 19,532 JUnit test methods belonging to 18 software systems. A key result of our investigation is that 54% of tests that are flaky contain a test code smell that can cause the flakiness. Moreover, we found that refactoring the test smells not only removed the design flaws, but also fixed all 54% of flaky tests causally co-occurring with test smells.
Social Debt Analytics for Improving the Management of Software Evolution TasksFabio Palomba
The success of software engineering projects is in a large part dependent on social and organization aspects of the development community. Indeed, it not only depends on the complexity of the product or the number of requirements to be implemented, but also on people, processes, and how they impact the technical side of software development. Social debt represents patterns across the organizational structure around a software system that may lead to additional unforeseen project costs. Condescending behavior, disgruntlement or rage quitting are just some examples of social issues that may occur among the developers of a software project. While the research community has recently investigated the underlying dynamics leading to the introduction of social debt (e.g., the so-called “community smells” which represent symptoms of the presence of social problems in a community), as well as how such debt can be payed off, there is still a noticeable lack of empirical evidence on how social debt impacts software maintenance and evolution. In this paper, we present our position on how social debt can impacts technical aspects of source code by presenting a road map toward a deeper understanding of such relationship.
Issues and implementation of a process for creating a false digital alibi.
The aim is to produce a state of the personal computer that confirming a false digital alibi, following the execution of an automated procedure, without leaving any traces of automation. The aim is to answer to the questions:
1) How reliable is a digital alibi?
2) May have been artificially created?
Within the project, are discussed the issues to consider while creating a false alibi on a machine running Mac OS X and is demonstrated that it is possible to produce artificially "human" traces of machine use.
Operationalizing Clojure in mature enterprises can be difficult. I'm presenting a case study from my experience deploying and maintaining a clojure application for delivering ad-free videos to ISS for NASA. The goal is to tease out the core principles that makes an application "operational".
Tools/Processes for serious android app developmentGaurav Lochan
I've managed a team that developed serious android apps, and ended up dabbling with tools out there and processes/systems. Here is a quick summary of the various things to think about if you're serious about android development, and in some cases, my recommendations.
This covers:
IDE
Build
Source Control
Bug/Task tracking
Crash reporting
Analytics
Test Automation
Continuous Integration
Device Matrix testing
Performance testing
Beta testing
A/B testing
Backend-as-a-Service
The InstallShield of the 21st Century – Theo SchlossnagleChef Software, Inc.
Today's systems are complex and the most successful products are SaaS. When you need to ship a SaaS architecture to someone (private SaaS) there are a lot of moving parts to install and maintain. I'll talk about what we do at Circonus to provide our complex software stack on large clusters on-premise using Chef as the orchestration framework.
Microservices and functional programmingMichael Neale
A talk I did recently on microservices and functional programming. Microservices are small, single purpose apps that are run as a service, which are usually composed together to provide the real app.
Delivered at Velocity Europe in Barcelona, this talk introduces "ops" people to the idea of user centered design, touching on several techniques long used in the design world, and talks about how those ideas might be applied to software and processes that we use every day.
The following Document outlines what we believe are the top 20 Windows tools every System Administrator should know or be familiar with. Some will you most likely already know about, but we hope you'll find plenty of information here that you didn't know.
Everyone that deals with Windows in a system administrator capacity has to know about Task Manager. The nice thing is it keeps getting better with each new version of Windows.
A beginners introduction to why Infrastructure as Code (IaC), why VMs and why containers.
Builds upon on Cattles and Pets analogy to drive home how containers make it possible to do IaC and in turn build resilient services
TechMentor Fall, 2011 - How to Resolve (Nearly) Every Windows 7 Application I...Concentrated Technology
You’ve been wanting to deploy Windows 7 since the date it came out. Far more secure and manageable than Windows XP and far less cranky than Windows Vista, getting on Windows 7 is what you need to make your job easier. What’s holding you up? It might be your applications. Some apps just don’t work atop Windows 7. Others need a little extra care to get them functioning. Microsoft recognizes this need and provides a suite of application compatibility tools like the Application Compatibility Toolkit and the Microsoft Assessment and Planning Toolkit that solve this problem. Yet both of these tools can be hard to use without help. Get that help with a jump start from Microsoft MVP and deployment expert Greg Shields. You’ll leave this session with everything you need to inventory your apps, determine the fixes they need, and remove all the hurdles to your Windows 7 migration.
Augustin Marty, CEO @deepomatic, discussed computer visions' progress thanks to deep learning, at the 2016 Hello Tomorrow Summit. He puts forward a solution to tackle the challenges in computer vision, making AI for every company. Learn more at www.deepomatic.com
Augustin Marty, CEO @deepomatic, discussed computer visions' progress thanks to deep learning at the 2016 Hello Tomorrow Summit. He put forward a solution to tackle the challenges in computer vision, making AI for every company.
Does Refactoring of Test Smells Induce Fixing Flaky Tests?Fabio Palomba
Regression testing is a core activity that allows developers to ensure that source code changes do not introduce bugs. An important prerequisite then is that test cases are deterministic. However, this is not always the case as some tests suffer from so- called flakiness. Flaky tests have serious consequences, as they can hide real bugs and increase software inspection costs. Existing research has focused on understanding the root causes of test flakiness and devising techniques to automatically fix flaky tests; a key area of investigation being concurrency. In this paper, we investigate the relationship between flaky tests and three previously defined test smells, namely Resource Optimism, Indirect Testing and Test Run War. We have set up a study involving 19,532 JUnit test methods belonging to 18 software systems. A key result of our investigation is that 54% of tests that are flaky contain a test code smell that can cause the flakiness. Moreover, we found that refactoring the test smells not only removed the design flaws, but also fixed all 54% of flaky tests causally co-occurring with test smells.
Social Debt Analytics for Improving the Management of Software Evolution TasksFabio Palomba
The success of software engineering projects is in a large part dependent on social and organization aspects of the development community. Indeed, it not only depends on the complexity of the product or the number of requirements to be implemented, but also on people, processes, and how they impact the technical side of software development. Social debt represents patterns across the organizational structure around a software system that may lead to additional unforeseen project costs. Condescending behavior, disgruntlement or rage quitting are just some examples of social issues that may occur among the developers of a software project. While the research community has recently investigated the underlying dynamics leading to the introduction of social debt (e.g., the so-called “community smells” which represent symptoms of the presence of social problems in a community), as well as how such debt can be payed off, there is still a noticeable lack of empirical evidence on how social debt impacts software maintenance and evolution. In this paper, we present our position on how social debt can impacts technical aspects of source code by presenting a road map toward a deeper understanding of such relationship.
Smells Like Teen Spirit: Improving Bug Prediction Performance using the Inten...Fabio Palomba
Code smells are symptoms of poor design and implementation choices. Previous studies empirically assessed the impact of smells on code quality and clearly indicate their negative impact on maintainability, including a higher bug-proneness of components affected by code smells. In this paper we capture previous findings on bug-proneness to build a specialized bug prediction model for smelly classes. Specifically, we evaluate the contribution of a measure of the severity of code smells (i.e., code smell intensity) by adding it to existing bug prediction models and comparing the results of the new model against the baseline model. Results indicate that the accuracy of a bug prediction model increases by adding the code smell intensity as predictor. We also evaluate the actual gain provided by the intensity index with respect to the other metrics in the model, including the ones used to compute the code smell intensity. We observe that the intensity index is much more important as compared to other metrics used for predicting the buggyness of smelly classes.
A Textual-based Technique for Smell DetectionFabio Palomba
In this paper, we present TACO (Textual Analysis for Code Smell Detection), a technique that exploits textual analysis to detect a family of smells of different nature and different levels of granularity. We run TACO on 10 open source projects, comparing its performance with existing smell detectors purely based on structural information extracted from code components. The analysis of the results indicates that TACO’s precision ranges between 67% and 77%, while its recall ranges between 72% and 84%. Also, TACO often outperforms alternative structural approaches confirming, once again, the usefulness of information that can be derived from the textual part of code components.
On the Diffusion of Test Smells in Automatically Generated Test Code: An Empi...Fabio Palomba
The role of software testing in the software development process is widely recognized as a key activity for successful projects. This is the reason why in the last decade several automatic unit test generation tools have been proposed, focusing particularly on high code coverage. Despite the effort spent by the research community, there is still a lack of empirical investigation aimed at analyzing the characteristics of the produced test code. Indeed, while some studies inspected the effectiveness and the usability of these tools in practice, it is still unknown whether test code is maintainable. In this paper, we conducted a large scale empirical study in order to analyze the diffusion of bad design solutions, namely test smells, in automatically generated unit test classes. Results of the study show the high diffusion of test smells as well as the frequent co-occurrence of different types of design problems. Finally we found that all test smells have strong positive correlation with structural characteristics of the systems such as size or number of classes.
Textual Analysis for Code Smell DetectionFabio Palomba
The negative impact of smells on the quality of a software systems has been empirical investigated in several studies. This has recalled the need to have approaches for the identification and the removal of smells. While approaches to remove smells have investigated the use of both structural and conceptual information extracted from source code, approaches to identify smells are based on structural information only. In this paper, we bridge the gap analyzing to what extent conceptual information, extracted using textual analysis techniques, can be used to identify smells in source code. The proposed textual-based approach for detecting smells in source code, coined as TACO (Textual Analysis for Code smell detectiOn), has been instantiated for detecting the Long Method smell and has been evaluated on three Java open source projects. The results indicate that TACO is able to detect between 50% and 77% of the smell instances with a precision ranging between 63% and 67%. In addition, the results show that TACO identifies smells that are not identified by approaches based on solely structural information.
Some slides on people management: why managing people in the software development lifecycle, how to manage people and how to choose team members of a project.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Free Complete Python - A step towards Data Science
A false digital alibi on Mac OS X
1. A false digital alibi on Mac OS X
Challange and solutions
Dario Di Nucci
Fabio Palomba
Stefano Ricchiuti
University of Salerno
domenica 15 luglio 12
2. Focusing on Mac OS X
Mac OS X & Forensic: how and what?
A case study
- Developing the false digital alibi
- A post-mortem digital forensic
Evaluation of the work
Is realistic a false digital alibi on a Mac OS X?
domenica 15 luglio 12
3. r3 s
pte esi
ha th
C e
th
Focusing on Mac OS X
in
domenica 15 luglio 12
4. Use of BTree
Journaling
Max File Dim 263
Max Folde r Dim 231
Hierarchical File System +
domenica 15 luglio 12
5. Disk utility
Manager of all file systems in
your Mac
Complete information
retrieving on all disks
Improve stability and
performance
Runnable from live
boot
First AID
Fix the file system errors
Prevent errors
Disk Utility
domenica 15 luglio 12
7. XTS - AES 128 bit Cryptography
User Password: Cr ypt and Decrypt
Disk
Master Password: For System
recovering
File Vault
domenica 15 luglio 12
8. All action on files (deleted,
modified, moved) are recorded on
external disk
The actions are revertable!
Huge impact on Digital
Forensic
Time Machine
domenica 15 luglio 12
9. Why analyze these?
Create false digital evidences is possible!
How?
Construct a false digital alibi using
built-in software
domenica 15 luglio 12
11. AppleScript
“AppleScript is a scripting language that
makes possible direct control of scriptable
applications and of many parts of the Mac
OS. With scriptable applications, users can
write scripts to automate operations.”
[https://developer.apple.com]
A false digital alibi: how to...
domenica 15 luglio 12
12. Example...
tell application "Finder" to quit
display dialog "Mostra Files nascosti..." buttons {"Si", "No", "Annulla"}
default button 3
copy the result as list to {buttonpressed}
try
if the buttonpressed is "No" then do shell script ¬
"defaults write com.apple.finder AppleShowAllFiles OFF"
if the buttonpressed is "Si" then do shell script ¬
"defaults write com.apple.finder AppleShowAllFiles ON"
end try
tell application "Finder" to launch
A false digital alibi: how to...
domenica 15 luglio 12
13. Automator
“Automator is your personal automation
assistant, making it easy for you to do more,
and with less hassle.With Automator, you use
a simple drag-and-drop process to create and
run “automation recipes” that perform simple
or complex tasks for you, when and where you
need them.”
[http://support.apple.com]
A false digital alibi: how to...
domenica 15 luglio 12
15. Simple to learn and use
Direct control on Mac OS X
REJ
ACC V ECT
E PT S
Actions via Drag & Drop
What about translation?
Automator or AppleScript?
domenica 15 luglio 12
16. r4 s
pte esi
ha th
C e
in th
A case study
domenica 15 luglio 12
17. .B
-4
4.A sis
raph the
rag the
Pa in
th e
lo pi ng
D e ve a lib i
ig it al
ls e d
fa
domenica 15 luglio 12
18. Best practices
Software built-in is better!
Automatism habits-based
Needs to clean all traces!
No stupid error!
Automatism setup
domenica 15 luglio 12
19. The automatism activator
Manager of the actions of
delection of traces and
scheduling
The false digital alibi maker
Automatism setup - Structural Decomposition
domenica 15 luglio 12
20. How to develop these modules?
Develop the Simulator before
the others modules allows us to
understand which are the traces
to cover
Bottom-up
Automatism setup - Structural Decomposition
domenica 15 luglio 12
27. Manual execution -> State t1
Launch automatism -> State t2
Find of the accessed and modified files in t1 e t2
Retrieve differences between t1 and t2
Double execution
domenica 15 luglio 12
31. Via software
The software must delete itself!
Interpreted language!
Removing traces
domenica 15 luglio 12
32. Python
Interpreted language!
Very simple for complex jobs!
Removing traces
domenica 15 luglio 12
33. Retrieve the last access dates of a os.path.getatime(%PATH)
resource before running the automation
Run automation (Simulator module)
Roll-back last access time after the
touch -c -t -%TIME -%PATH
execution of the script
Removing traces
domenica 15 luglio 12
34. Compiling Python files...why?
Introduction of indirect traces!
Cannot clean its own traces!
A stand-alone app doesn’t leave traces,
AT ALL!
Removing traces
domenica 15 luglio 12
35. Compiling Python files...how?
curl -O http://peak.telecommunity.com/dist/ez_setup.py
sudo python ez_setup.py -U setuptools
thi
sudo easy_install -U py2app
s isMyApplication.py
S--make-setup t
py2applet C
H py2app -A he
python setup.pyE
DUL
ER WIP
mod ER/
ule
!
Removing traces
domenica 15 luglio 12
37. Names of legal apps for the modules
e.g. Wiper/Scheduler = Caffeine.app
Secure deletion of modules and
rename legal apps
Obfuscating direct traces
domenica 15 luglio 12
38. Names of the apps are not suspect
The apps used in the process are apps really installed
on the laptop!
All references to these apps are legal!
Obfuscating direct traces
domenica 15 luglio 12
40. Problem: How launch the procedure?
Wiper/Scheduler module needs
administrator privileges
Solution
A launcher module is needed
domenica 15 luglio 12
41. Terminal???
It’s not a good idea because
some resources would be touch!
Other resources
Shell resources
Bash History
Launcher module
domenica 15 luglio 12
42. AppleScript???
AppleScript can leave traces!
Who cleans these traces???
Launcher module
domenica 15 luglio 12
43. Python, again!
thi
s is
the mpiled Python app, again!
Co
mod laun
ule che
! r
os.system("echo password|sudo -S /Volumes/MYPEN/Anonimus_e-
Mail.app/Contents/MacOS/Anonimus_e-Mail")
Launcher module
domenica 15 luglio 12
44. Problem
Launcher can’t be deleted while
running!
Launcher Wiper/Scheduler Simulator
callWiperScheduler()
callSimulator()
When the Simulator ends its execution, Wiper/
Scheduler does not delete the Launcher
module because is the Launcher that keep alive
the Wiper/Scheduler!
domenica 15 luglio 12
45. Solution
Use of threads
ppid=os.getppid()
pid=os.fork()
if pid==0 :
os.kill(pid, signal.SIGKILL)
Launcher Wiper/Scheduler Wiper/Scheduler Simulator
callWiperScheduler()
os.fork() callSimulator()
kill()
Using a thread we create a “good brother” of
Wiper/Scheduler. This allows the “bad brother”
to kill the Launcher module, keeping alive the
good brother and the whole work of the
Wiper/Scheduler module
domenica 15 luglio 12
46. .log But this operation leave
undesiderable traces in the log files
host-001 [0x0-0x71071].org.pythonmac.unspecified.Caffeine[1406]:
1410 Killed: 9 | sudo -S /Volumes/MYPEN/Anonimus_e-Mail.app/
Contents/MacOS/Anonimus_e-Mail
wifipers3128 sudo[1357]:password : TTY=unknown ; PWD=/Volumes/
MYPEN/Caffeine.app/Contents/Resources ; USER=root ; COMMAND=/
Volumes/MYPEN/Anonimus_e-Mail.app/Contents/MacOS/Anonimus_e-Mail
domenica 15 luglio 12
47. Copy the log files before the automatism
T ION
A
T OM
AU
Replace the log files containing
traces, with the previous one
Solving the problem...
domenica 15 luglio 12
48. How bring the files on a laptop?
domenica 15 luglio 12
49. Get a remote resource - curl command
curl -O http://remote_resources
Use a resource of Dropbox
More possibilities
domenica 15 luglio 12
50. “When things being equivalent,
a simpler explanation
is better than a more complex one”
Put files on a pendrive with
non-journaled file system
Occam’s razor
domenica 15 luglio 12
52. Launcher
Caf
fei
ne.
app
Wiper/Scheduler
ano
nim
mai ous_
l.a e-
pp
Simulator
Sni
ffo
mu
cca
. app
...The structure of the process
domenica 15 luglio 12
54. Legal apps
Caffeine.app
SniffoMucca.app
Anonimous_e-mail.app
MYPEN Contents - After
domenica 15 luglio 12
55. Where can we test the whole process?
Where can we test the procedure?
domenica 15 luglio 12
56. Virtual Machine: Why?
Come back to another state of disk is
simple
Needed to build and test the false
alibi procedure
Enviroment setup
domenica 15 luglio 12
57. Virtual Machine: The choise
PARALLELS VMWARE
VIRTUALBOX
DESKTOP FUSION
Creation
Management
License
domenica 15 luglio 12
58. Virtual Machine: The choise
PARALLELS VMWARE
VIRTUALBOX
DESKTOP FUSION
Creation
Management
License
domenica 15 luglio 12
59. Virtual Machine: The choise
PARALLELS VMWARE
VIRTUALBOX
DESKTOP FUSION
Creation
Management
License
domenica 15 luglio 12
60. Virtual Machine: The choise
PARALLELS
ACC
VMWARE
VIRTUALBOX
DESKTOP
EPT
FUSION
Creation
Management
License
domenica 15 luglio 12
61. Generate an exact duplicate of the
source media under investigation
The destination media MUST BE
al
erased!
g o
Some tools could be used: dd,
dcfldd, dc3dd
Enviroment setup
domenica 15 luglio 12
62. First step
dd if=/dev/zero of=dev/disk bs=512 conv=notrunc
HD 1 HD 2
Enviroment setup
domenica 15 luglio 12
63. Second step
HD 1
Enviroment setup
domenica 15 luglio 12
64. Third step
dd if
=/dev
/sda
of=de
v/sdb
HD 1
bs=51
2 con
v=not
runc
HD 2
Enviroment setup
domenica 15 luglio 12
65. h 4.C
grap hesis
ara he t
P t
in
o rt em
s t -m
A po ns ic
fo re
igit al
d
domenica 15 luglio 12
66. “The use of scientifically derived and proven methods toward the
preservation, collection, validation, identification, analysis,
interpretation, documentation and presentation of digital evidence
derived from digital sources for the purpose of facilitating of
furthering the reconstruction of events found to be criminal, or
helping to anticipate unauthorized action shown to be disruptive to
planned operations.”
[Digital Forensics Research Workshop I - 2001]
The only way for being sure about
the construction on the false
digital alibi is to do a digital
forensic analysis on the hard disk,
on the pendrive and in the log
files!
Digital forensic
domenica 15 luglio 12
67. We have to search in the log files of Mac OS X
“Mac OS X, iPod, and iPhone Forensic Analysis Toolkit”
secure.log
system.log
.bash_history
Safari resources
Digital forensic - How
domenica 15 luglio 12
68. We have already talk about the log files
The copy on the pendrive before the
automatism does not allow to have surprises!
Anyways, we used a grep command on the
log filed
grep iAmTheAutomatism7777 /private/var/log/secure.log
grep iAmTheAutomatism7777 /private/var/log/system.log
About log files
domenica 15 luglio 12
69. .bash_history is an hidden file located in the user home
Bash History
domenica 15 luglio 12
70. .bash_history is empty!
The bash histor y file is never
directly open in the process
All the comands are runned
by Python!
About Bash History
domenica 15 luglio 12
72. Cache.db does not contains relevant infos
"#“
! _
_CFURLStringType_CFURLString
_
http://www.google.it/s?hl=it&gs_nf=1&cp=20&gs_id=14&xhr=t&q=Extract%20class
%20Fowler&pf=p&output=search&sclient=psy-ab&oq=&aq=&aqi=&aql=&gs_l=&pbx=1&bav=on.
Safari stores in the cache.db
2,or.r_gc.r_pw.r_qf.,cf.osb&fp=b58bcc71a4fb82fa&biw=1024&bih=674&tch=1&ech=2&psi=hCjgT6eFA
s3usgb5oOTACA.1340090487838.1#Aµê`a¡◊
⁄
all sites visited by users
!VServerContent-Type_
Transfer-EncodingTDate_
We cannot use Safari for X-Frame-Options_
dangerous operations Content-Encoding_
X-XSS-Protection_
Content-Disposition]Cache-ControlWExpiresSgws_
application/json; charset=UTF-8XIdentity_
Tue, 19 Jun 2012 07:21:52 GMTZSAMEORIGINTgzip]1; mode=blockZattachment_
private, max-age=0R-1
n_
__CFURLResponseNullTokenString__
≠≤ƒ◊Í
About Cache.db
domenica 15 luglio 12
73. Safari History contains only the sites visited by
AppleScript
Safari Resources - History
domenica 15 luglio 12
74. Are there traces in the hard disk or
on the pendrive?
domenica 15 luglio 12
75. In the automatism files we have insert a “signature” of
the automatism...
How search traces of the automatism?
domenica 15 luglio 12
76. ...and we used a grep command on the hard disk and on
the pendrive
grep -ros iAmTheAutomatism7777 ./
grep command does not retrieve any file with this
string
How search traces of the automatism?
domenica 15 luglio 12
77. Problem
Launcher, Wiper/Scheduler and
Simulator modules could create some
temporar y files!
Solution
We have to analyze deleted files!
domenica 15 luglio 12
78. Photorec is a data recovery software designed to recover
lost files from hard disks, pendrive and so on
Deleted files analysis - How
domenica 15 luglio 12
79. We launched Photorec on the hard disk and on the
pendrive and we used the grep command
grep -ros iAmTheAutomatism7777 ./
grep command does not retrieve any file with this
string, again!
Deleted files analysis
domenica 15 luglio 12
80. r5 s
pte esi
ha th
C e
in th
future works
c onclusions
domenica 15 luglio 12
81. Is realistic a false digital alibi on Mac OS X 10.7.3?
Create a false digital alibi is possible!
Remove the traces is possible if you use proper
features of Mac OS X!
Conclusions...
domenica 15 luglio 12
82. Can we create a false digital alibi using
Automator?
Test the automatism on a real enviroment!
Test the automatism on a different
versions of Mac OS X
...and future works...
domenica 15 luglio 12
83. Thank you!
Questions and/or comments
Remind the link:
https:// www.dropbox.com/sh/8cfw9b0aembhzd5/mbVMwXBCBR
Dario Di Nucci d.dinucci@studenti.unisa.it
Fabio Palomba f.palomba3@studenti.unisa.it
Stefano Ricchiuti s.ricchiuti@studenti.unisa.it
domenica 15 luglio 12