Difference between pages "Forensic Disk Differencing" and "Machine Translation"

From ForensicsWiki
(Difference between pages)
m (idifference.py)
 
m (References)
 
Line 1: Line 1:
Forensic Disk Differencing is the process of taking two or more disk images from the same computer and determining what changes in the first disk image might have resulted in the changes that are observed in the second. One common use of differencing is to determine what an attacker did during a break-in. To be used for this purpose, it is necessary to have a forensic disk image of the computer before the break-in and after the break-in.
+
===References===
 +
* [http://findarticles.com/p/articles/mi_7099/is_4_9/ai_n56337599/ An evaluation of the accuracy of online translation systems]
 +
* [http://www.translationsoftware4u.com/sys-testimonies.php Systran Reviews - Case Studies]
 +
* [http://www.swdsi.org/swdsi06/Proceedings06/Papers/IBT04.pdf Spanish-to-English Translation Using the Web], Milam W. Aiken, SWDSI 2006
 +
* [http://www.wired.com/wired/archive/14.12/translate.html Me Translate Pretty One Day], Issue 14.12 - December 2006
 +
* [http://www.tcworld.info/index.php?id=91 Dispelling the myths of machine translation],By Uwe Muegge  August 2008
  
==Differencing Tools==
+
* [http://www.lans-tts.be/docs/lans8-2009-intro.pdf Evaluation of Translation Technology], Walter Daelemans, University of Antwerp, 2009
===idifference.py===
+
* [http://www.sepln.org/monografiasSEPLN/monografia-jgimenez-sepln.pdf Empirical Machine Translation and its Evaluation] Jesús Ángel Giménez Linares,
idifference.py is part of the [[Digital Forensics XML]] Python Toolkit distributed with [[fiwalk]]. This tool will compare two different disk images and report changes in files between the first and the second. It also produces a timeline of changes.
+
 
+
For example, using the '''nps-2009-canon2''' series of disk images:
+
 
+
<pre>
+
$ python idifference.py /nps-2009-canon2-gen2.raw nps-2009-canon2-gen3.raw
+
>>> Reading nps-2009-canon2-gen2.raw
+
>>> Reading nps-2009-canon2-gen3.raw
+
 
+
Disk image:/corp/drives/nps/nps-2009-canon2/nps-2009-canon2-gen3.raw
+
 
+
New Files:
+
 
+
2008-12-23 14:26:12 1315993 DCIM/100CANON/IMG_0041.JPG
+
 
+
Deleted Files:
+
 
+
2008-12-23 14:12:38 855935 DCIM/100CANON/IMG_0001.JPG
+
2008-12-23 14:22:38 1347778 DCIM/100CANON/IMG_0037.JPG
+
 
+
Files with modified content (but size unchanged):
+
 
+
Files with changed file properties:
+
 
+
DCIM/CANONMSC/M0100.CTG SHA1 changed 69b30c352ee802f49b1ea25325af9fa05c3ffca1 -> baa42c03a917b01b212fb7e538e5deb525995f31
+
DCIM/CANONMSC/M0100.CTG crtime changed to 1230070924 -> 1230071142
+
DCIM/CANONMSC/M0100.CTG mtime changed to 1230070924 -> 1230071142
+
DCIM/CANONMSC/M0100.CTG resized 180 -> 188
+
 
+
Timeline
+
 
+
2008-12-23 14:25:42 DCIM/CANONMSC/M0100.CTG SHA1 changed 69b30c352ee802f49b1ea25325af9fa05c3ffca1 -> baa42c03a917b01b212fb7e538e5deb525995f31
+
2008-12-23 14:25:42 DCIM/CANONMSC/M0100.CTG crtime changed 1230070924 -> 1230071142
+
2008-12-23 14:25:42 DCIM/CANONMSC/M0100.CTG mtime changed 1230070924 -> 1230071142
+
2008-12-23 14:25:42 DCIM/CANONMSC/M0100.CTG resized 180 -> 188
+
2008-12-23 14:26:12 DCIM/100CANON/IMG_0041.JPG created
+
$
+
</pre>
+
 
+
Here are some more examples:
+
* [[File:Idifference-demo1.txt]] --- idifference.py run on two disks from the 2009-M57 Patents scenario (Jo's November 23 vs. November 24th disk)
+
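Review bot: the example command in the <pre> block passes the first image as "/nps-2009-canon2-gen2.raw" with a leading slash, while the second argument and both ">>> Reading" lines use the bare file name and the report header places the image under /corp/drives/nps/nps-2009-canon2/. Suggest giving both arguments in the same form so the transcript matches what a reader would type. In the same block, the "Files with changed file properties" entries read "crtime changed to 1230070924 -> 1230071142" while the Timeline entries read "crtime changed 1230070924 -> 1230071142". If this is verbatim tool output, say so in the text before the block. Otherwise align the two wordings. The crtime and mtime values are printed as raw epoch seconds next to formatted timestamps, so a sentence stating the time zone of the formatted column would help readers correlate the two.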

Revision as of 10:00, 28 March 2011

References