Warung Bebas

Thursday, 18 July 2013

Definition of Public Health

The definition of public health according to Professor Winslow of Yale University (Leavel and Clark, 1958) is the science and art of preventing disease, prolonging life, and promoting physical and mental health and efficiency through organized community efforts to improve environmental sanitation, control infections in the community, educate individuals about hygiene,

Daily Blog #26: Interview with SA Eric Zimmerman

Hi Reader,
When I finished the milestone series I asked those of you who have hit milestone 14 in your career to email me. Eric Zimmerman was the first brave soul to do so and was willing to be interviewed for the blog on his career, his forensic interests and his views. I think he brought some great answers back and I hope you enjoy his insights. If you have reached milestone 14 and are hesitating until this point to email me at dcowen@g-cpartners.com for an interview, then read this to see what I'm interested in. I don't want to put your investigations, case or research at risk, I want to help others see how you got started and how you got to milestone 14 so they can do the same!

If you are reading this before noon Central on Friday 7/19/13 then please come join us for our first forensic lunch where we will talk about the tri-force, our USN research, shadowkit and your questions:
https://plus.google.com/u/0/events/cedl2na1nqhvomfful00sad9teo

With that said, here is the interview with Special Agent Eric Zimmerman.
EZ: First of all I would like to thank you for the interview opportunity. I like the way you defined the milestones and it serves as a great barometer for people to use in their careers. My progression thru the milestones and optional achievements wasn't linear, but I suspect that's the case with most people.
DC: How did you get started in computer forensics?
EZ: I got started in forensics years ago as a byproduct of being a computer geek, but I didn't get serious about it until I became an agent and started needing digital forensics in my day to day work. I've been using hex editors for years for a variety of things and started using WinHex about 4 years ago for some case work. I got my EnCE about two years ago using EnCase 6. Soon after I fully transitioned to X-Ways Forensics. I have been fortunate enough to work violations where essentially everything involves a computer, so there was ample opportunity to learn and gain experience.
DC: What event in your career propelled you forward the most?
EZ: I would say the biggest benefit to my career was being the case agent and primary forensic examiner in a very technical case involving p2p networks and encryption. In addition to the trial itself, I went through a Daubert hearing and was qualified as an expert in federal court. I wrote hundreds of pages of reports for a wide variety of audiences. Being able to articulate information to people in a way they can relate to is a critical skill. It is not enough to be an expert in digital forensics. You have to be able to convey your findings in a meaningful way to the consumer of that information. Events like a big trial or similar are where you get to finally use all the skills and knowledge you've built up and practiced over the years.
Another major event was winning the 2011 NCMEC award for my work in combating the online sexual exploitation of children. In 2011, my software led to the rescue of at least 45 children, the execution of 330 search warrants, and 222 arrests. To date my software is in use by at least 4000 people in 52 countries.
DC: Do you remember what lighted your passion for computer forensics, what pushed you forward to Milestone 14?
EZ: My passion began with wanting to understand the underlying technology behind computers. Once you start peeling back the layers you begin to get an understanding of how deep the rabbit hole goes. I tend to get bored easily so having such a wide variety of things to learn keeps it interesting. There is always something new to learn and even more to discover for the first time.
As for what pushed me toward milestone 14, necessity was the biggest thing. After you see the fruits of solving a new problem or reversing a previously unknown artifact you start to see the potential in looking into the unknown. I do not have the ability to do pure research as much as I would like to, so most of my milestone 14 stuff revolves around either my own or my colleagues' cases. As new problems come up I work to solve them.
Beyond necessity was wanting to figure out something that was previously unknown. It was a challenge to solve a "puzzle" from scratch with nothing more than some network captures, binary files, a hex editor and some programming skill. A lot of my work involved reverse engineering proprietary, closed source protocols (sorry I can't be more specific than that) and when I started looking into it very little was understood about the protocols and other artifacts. I wrote some cool custom software to assist with things as needed.
Passion for the work is really critical, almost more so than one's technical ability, because without it you may not have the stamina to follow through to the end. Frustration is inevitable but you just have to keep your head down and move the ball forward. Working with a team of people is also very helpful.
DC: What is your favorite forensic artifact?
EZ: In general, the registry, but as to a specific artifact it would be ShellBags by far. It is amazing how much detail is maintained in ShellBags. I have used them to show what was inside encrypted TrueCrypt containers in order to prove intent as well as corroborate other artifacts. In the case of encryption, it basically serves as a means to see the file names, time stamps and file sizes of things inside a container. If you can then tie that information to more concrete artifacts involving file hashes (and therefore the file size) you can peer inside the encryption and say with certainty what is in there.
DC: What are you researching now?
EZ: When I get a break from my cases, my primary focus is continuing to expand the abilities of my live response software, osTriage. Version 1 is for law enforcement/government only but with version 2 I want it to be available to a wider audience. My approach for version 2 is to use plugins to provide functionality vs. a monolithic executable as I did with version 1.
By making the programming interfaces available to anyone, people can write plugins that are meaningful to them in case their particular issue isn't included out of the box. Plugin authors can choose to share their work or keep it in-house. I've written the main program in such a way that it works with the interfaces to automatically generate reports, bookmark items of interest, copy files from computers, etc. This lets plugin authors focus on new features and not basic plumbing.
In version 2, I have spent a lot of time focusing on performance and have seen some fantastic gains in speed. For example, my new code can iterate every file and directory on a 256GB hard drive (with over 276,000 files and 59,000 directories) in about 22 seconds whereas the version 1 took over 8 minutes to do the same search. That 22 seconds includes finding pictures, hashing them, and generating thumbnails, exploring archive files, parsing .lnk files, and pulling dozens of pieces of live response data. I demonstrated this at the 2013 Boston Cyber Conference earlier this year in my talk on the need for improved triage techniques.
DC: What inspired you to write a book?
EZ: The inspiration for the book was to be able to unpack the X-Ways manual into a format that more people would be able to relate to based on their existing knowledge in forensics. Our goal wasn't to teach forensics, but rather to explain X-Ways.
The X-Ways manual is a fine piece of technical writing, but few people have the patience or time to penetrate its depths. I really think X-Ways is at the top of the pyramid when it comes to forensic suites but in some circles it has the reputation of being hard to use. Where people can run into trouble is there are a lot of ways to accomplish a goal in X-Ways rather than one linear path as found in other tools.
X-Ways puts incredible power in the hands of the forensic examiner and lets them wield that power in a way that makes sense to them and the case at hand. Once people try X-Ways and get comfortable with it they rarely go back to other tools. I found the best way to jump in was to work a case in X-Ways Forensics solo or in parallel with an existing tool.
With the book in hand you can begin the transition from other tools to X-Ways in a straightforward manner. The book is written in such a way to walk people through its use from initial installation, hard drive imaging, reporting and everything in between.
DC: Where can we buy the book?
EZ: The book is titled "X-Ways Forensics Practitioner's Guide" and is currently available for pre-order at Amazon (http://goo.gl/vWmqa) as well as Barnes and Noble (http://goo.gl/DIJO6). We recently sent our final proofs back to the publisher well ahead of schedule and hope to see the book shipping in August. We have more information as well as software programs I wrote for the book at http://xwaysforensics.wordpress.com/.
DC: What is next for your career? What is beyond Milestone 14 for you?
EZ: I would like to continue to expand the capabilities of first responders and raise the bar when it comes to triage as it relates to what we can cull from computers. I have been focusing on trying to define what the needs of the majority of people are when it comes to digital evidence (at least as it relates to law enforcement). My ultimate goal is to be able to deliver 90% of the relevant information for a case in 10 minutes or so.
For me, moving beyond milestone 14 involves thinking at a more strategic level vs. the day to day existence in the trenches. This involves defining and polishing best practices for colleagues and peers and automating common tasks to act as a force multiplier for understaffed or smaller departments.
DC: What are your favorite tools?
EZ: My favorite tools include X-Ways Forensics (of course) and WinHex, CommView, Wireshark, Edit Pad Pro, RegRipper, F-Response, Directory Opus (Explorer replacement), Visual Studio, Sysinternals stuff, Volatility, and who can forget the Tri-force! The amount of high quality software out there amazes me. There are many gifted developers and digital forensics people out there who put a ton of time into great tools. Some even choose to give their work away. Thanks to all the devs out there! Much of what we can do in digital forensics would not be possible without your contributions.
DC: What do you believe is the greatest challenge facing forensic examiners?
EZ: The ability to separate the wheat from the chaff when it comes to digital evidence. Related to this is a continued reliance on outdated workflows when it comes to processing data. I won't mention any names but there are a lot of solutions out there that require a massive amount of up front processing before an exam can start. Combine this with a lack of checkpointing and you have a recipe for pain when things crash.
Storage capacities continue to increase exponentially while our ability to examine that data is only increasing mathematically. It doesn't take long to realize we have to get smarter in how we look at data or the lead times for a full forensics review will continue to get longer and longer. In my estimation, the answer (or at least a partial answer) to this problem is better triage techniques. If we can identify the computers and digital devices that are relevant to us we can focus our efforts on those devices vs the "examine everything" approach most often employed now. We have to find the balance between thoroughness and timeliness in our examinations. It's a tough problem for sure, but one I think the community can solve.
Thanks Eric for the interview, I hope everyone gets something out of it. Tomorrow is Saturday reading and I have some interesting links to share. The big event though is this coming Sunday Funday where we have a prize provided by Magnet Forensics that I think you will want to win! 

The Meaning of Public Health

The Meaning of Public Health - In English, kesehatan masyarakat is called Public Health, which according to Professor Winslow of Yale University is defined as the science and art of preventing disease, prolonging life, and promoting health through organized community efforts. Matters relating to public health problems include:

Restrictions on Fasting for Pregnant Women during Ramadan

Fasting is indeed permitted for pregnant women, provided that an examination has been carried out and your obstetrician has stated that your health is good and allows you to observe the fast. This must also be accompanied by a firm intention that the worship you perform does not affect the condition of the fetus in the womb.

Several studies that have been conducted

Civil Servant (PNS) Recruitment System CAT - TKD TKB CPNS - Material

To become a civil servant in Indonesia, a person must pass an entrance selection called the basic competency test. This test is held under the authorization of the Ministry of Administrative Reform (Kementerian Pendayagunaan Aparatur Negara), the body authorized to set the number of state personnel required across all ministries and agencies. The CPNS test now uses a computer-based test, the Computer Assisted Test (CAT). Under the CAT system, participants answer the test questions on a computer. The answers then go directly into the server database.

The government must provide the supporting computer facilities and the dedicated CAT application to carry out staff recruitment through this system. One advantage of CAT is that the tests do not have to be held simultaneously, because once all the supporting facilities are ready, each agency that needs staff can open vacancies at any time according to its needs and, of course, with KEMENPAN's permission.

CPNS Test Material

The material tested in the CPNS selection consists of the Basic Competency Test (Tes Kompetensi Dasar) and the Field Competency Test (Tes Kompetensi Bidang).
The Basic Competency Test consists of three types of test: the Personality Test, the General Intelligence Test, and the National Insight Test. The material for the Field Competency Test is adapted to each profession.

The Personal Characteristics Test covers integrity, drive to work, creativity and innovation, orientation and service, orientation toward others, adaptability, self-control, the ability to work independently and to completion, the willingness and ability to keep learning, the ability to work in a group, and the ability to mobilize and coordinate others.

The General Intelligence Test covers verbal ability, numerical ability, logical thinking, and analytical thinking.

The National Insight Test covers the pillars of nationhood (Pancasila, the Unitary State of the Republic of Indonesia, the 1945 Constitution, and Bhinneka Tunggal Ika). Other material that may be tested concerns Indonesian history and public policy.

For the National Insight Test, this blog has some material that may be useful for study in preparing for the CPNS test.
Here is the link to the TWK Pillars of Nationhood material


Good luck!!!!!

Papers that are very rarely known

Paper was invented thousands of years ago and spread to all corners of the world, and new kinds of paper emerged from various cultures, such as the following...

1. Daluwang Paper

from http://suaramerdeka.com
Daluwang is a traditional paper made from plant fibres with a coarse texture. This paper was used by people in Indonesia, particularly on the island of Java, and developed rapidly during the Islamic period as a replacement for lontar paper, which had previously been used as a writing medium.

In Indonesia, particularly in Java, there was once Javanese Paper, also called Daluwang or Dluwang paper; today the name has the connotation of recycled paper. In the past, dluwang or daluwang paper was used as a writing medium alongside Lontar paper, while the paper known today was at that time imported from China, Arabia and Europe through traders, whether Dutch, European, Arab or Chinese, who visited the Nusantara archipelago.

2. Lontar Paper

from http://www.chethams.org.uk
Lontar paper is paper made from lontar palm leaves. In the past, the medium used for writing in Java was lontar or nipah leaves. After Javanese Paper (Daluwang) and imported paper appeared, the use of this paper did not immediately die out, and it was still found in some places until the 20th century in Java, Madura and Bali; many ancient manuscripts that use lontar leaves as the writing material are found in this region. The quality of the resulting manuscripts varies depending on the quality of the material, the workmanship and the care.

3. Hanji Paper

This is traditional Korean paper that has been in use for 1600 years. Koreans use hanji in many everyday items and household needs, from books, walls, windows and floors to coffins. Koreans are said to make use of hanji from birth to death.

Hanji is very, very durable and can last for 1000 years! One proof of hanji's durability is the survival of the world's oldest printed book, Jikji (1377), now kept at the National Library of France in Paris, as well as the Buddhist sutra text Mugujeonggwang Daedaranigyeong (751), which is part of the UNESCO Memory of the World.

4. Washi Paper

Also often called wagami, this is paper made by traditional methods in Japan. Compared with machine-made paper, the fibres in washi are longer, so washi can be made thinner yet durable (it does not wear or tear quickly).

In Japan, washi is used in many kinds of craft and art objects such as origami, shodō and ukiyo-e. Washi is also used as decoration in the Shinto religion, as a material for making Buddha statues, furniture, sashimi liners in packaging, bedding, clothing such as kimono, and as a material for house interiors and sliding-door coverings. Washi is used as the material for banknotes, which is why yen banknotes are known to be strong and not easily worn.

Public Health Problems

Public Health Problems - Health is the most basic need of every human being. Being healthy is a person's optimal physical, mental and social state that allows them to be productive, not merely being free from disease. The state of health can be viewed from a production dimension and a consumption dimension. The production dimension regards being healthy as production capital or a precondition that

July 18, 2013 Over the Hump Bump II: Insulin Wars II: Mark Sisson

Part II of my CarbSane is so cruel and vitriolic in her criticisms of Mark Sisson bumpfest today.  Crying Wolf II , Bump I

This one is especially  ironic given point 9-of-12 of Mark's email to Grashow blamed lack of dietary discipline and sloth for my weight.   Here he says that doesn't work anyway!  {shakes head}

Be sure to notice how I misquoted, misrepresented and ridiculed Mark Sisson, took pot shots at his appearance and denigrated him on a personal level.  Oh wait.  That didn't happen.  This post was originally viewed by around 400 people and didn't even crack the Top10 list at the time.

Johnson and Johnson Settles Suit Alleging Management Incompetence and Deception, Managers Continue to Prosper

Very quietly, pharmaceutical/ biotechnology/ medical device corporate giant Johnson & Johnson just settled another lawsuit. The most pithy version is by Ed Silverman on Pharmalot, although Reuters and Bloomberg published short accounts.

The New Settlement

Per Mr Silverman, the gist is:

The health care giant agreed to resolve the dispute brought over allegations that J&J management shirked their responsibilities and allowed a chain of events that resulted in congressional probes; lost market share, consumer confidence and revenue, and a consent decree with the FDA. In the lawsuit, a shareholder charged that J&J bungled the integration of the Pfizer consumer health acquisition, placed inexperienced execs in charges of its OTC unit and cut costs so drastically that quality control suffered.

The lawsuit, which was brought by Ronald Monk, alleged that the health care giant made misleading statements about its products before disclosing problems with the Fort Washington plant and another in Puerto Rico. He also maintained that J&J withheld material information before its decision three years ago to shut down the Fort Washington plant, where contamination led to the unpublicized recall of defective Motrin tablets in 2009.

In agreeing to the settlement, J&J refused to admit any wrongdoing

So let me review. The allegations in this case were all about problems with the management of Johnson and Johnson.  They included allegations that management was incompetent and deceptive.  The incompetence was in handling the core functions of the company, assuring that its drug products were pure and unadulterated.  The deception was of patients, the public, and the nominal owners of the company to whom management is supposed to report, and allegedly included an attempt to cover up concerns about the purity of its drug products.

The proposed settlement follows the current practice of allowing the defendant not to admit the allegations, leaving their truth unproven.  However, one wonders, given that the allegations are about the core responsibilities of management and were leveled by the company owners, why the management would not defend their honor more forthrightly.

The Company's Sorry Legal Record

Furthermore, this settlement also follows the current practice of being made without reference to any other seemingly relevant legal proceedings.  In fact, it is just the latest of a long string of settlements and other resolutions of legal actions, including guilty pleas, by Johnson and Johnson management.  As we summarized most recently here, these included:

- Convictions in two different states in 2010 for misleading marketing of Risperdal
- A guilty plea for misbranding Topamax in 2010
- Guilty pleas to bribery in Europe in 2011 by Johnson and Johnson's DePuy subsidiary
- A guilty plea for marketing Risperdal for unapproved uses in 2011 (see this link for all of the above)

- A guilty plea to misbranding Natrecor by J+J subsidiary Scios (see post here)
- In 2012, testimony in a trial of allegations of unethical marketing of the drug Risperdal (risperidone) by the Janssen subsidiary revealed a systemic, deceptive stealth marketing campaign that fostered suppression of research whose results were unfavorable to the company, ghostwriting, the use of key opinion leaders as marketers in the guise of academics and professionals, and intimidation of whistleblowers. After these revelations, the company abruptly settled the case (see post here).
-  Also in 2012,  Johnson & Johnson was fined $1.1 billion by a judge in Arkansas for deceiving patients and physicians again about Risperdal (look here).
-  Also in 2012, Johnson & Johnson announced it would pay $181 million to resolve claims of deceptive advertising again about Risperdal (see this post).

Even though the record includes a number of settlements in which management did not have to admit guilt, the company has made a surprising number of guilty pleas in just the last few years. Despite all this evidence of poor, that is, incompetent or unethical, management, Johnson and Johnson managers have been getting very rich.

As we mentioned here, Mr William Weldon, the outgoing CEO on whose watch most of the misbehavior resulting in the legal actions above occurred, retired with a huge retirement package, after receiving extremely generous compensation prior to that.  The new CEO as of April, 2012,  Mr  Alex Gorsky, per the company's 2013 proxy statement, already owns more than 190,000 Johnson and Johnson shares,  and received $10,977,109  total compensation in 2012.  Mr Weldon received over $29 million in total compensation just for 2012, the year in which he retired.  Other top executives received from over $3.5 million to over $8 million. 

Summary

So why do the stockholders, the owners of Johnson and Johnson, continue to pay so much to an executive team on whose watch so many bad things have happened? Why did law enforcement authorities allow the company to continue to plead guilty or settle cases without imposing any negative consequences on these executives? Maybe only the Shadow knows. Of course, the lack of any discussion beyond that on Health Care Renewal, that puts each new settlement or guilty plea in the context of the ones before, and juxtaposes them to the rewards given to management, may not help.

As we said the last time we addressed the contrast between Johnson and Johnson's sorry legal record and its voluminous payments to executives, we have noted again and again and again that many of the largest and once proud health care organizations now have recent records of repeated, egregious ethical lapses. Not only have their leaders nearly all avoided penalties, but they have become extremely rich while their companies have so misbehaved.

These leaders seem to have become like nobility, able to extract money from lesser folk, while remaining entirely unaccountable for bad results of their reigns. We can see from this case that health care organizations' leadership's nobility overlaps with the supposed "royalty" of the leaders of big financial firms, none of whom have gone to jail after the global financial collapse, great recession, and ongoing international financial disaster (look here). The current fashion of punishing behavior within health care organizations with fines and agreements to behave better in the future appears to be more law enforcement theatre than serious deterrent. As Massachusetts Governor Deval Patrick exhorted his fellow Democrats, I exhort state, federal (and international, for that matter) law enforcement to "grow a backbone" and go after the people who were responsible for and most profited from the ongoing ethical debacle in health care.

As we have said before, true health care reform would make leaders of health care organizations accountable for their organizations' bad behavior.

July 18, 2013 Over the Hump Bump: What's with all the supplements, and Primal hypocrisy

Since I totally forgot to do a post bump last week, I'll have a two-fer for you today of examples of the few posts I've done concerning Mark Sisson here at the Asylum.  I did so few, and tried so hard to build my readership by trashing him that I even had to update the labels on this post to include the man's name.  Yet I thought I'd use these bumps to shed some light on Mark Sisson's career as a disappearing artist of sorts -- making criticisms disappear.  This is an opportunity to address Point 8-of-12 of Mark's email to Charles Grashow as pertains me.  
8.       I find it more than ironic that a person who would continuously try to take me down, criticize my business, question my ethics and motives and generally use my site and my products as fodder to build her own traffic would then beg me to disassociate with and publicly denounce others to whom she does the exact same thing. On that principle alone I wouldn’t  be seen supporting her (Ev) in any way.

Daily Blog #25: Go Bag Part 4 - Advanced Persistent Problem Child

Hello Reader!,
It's Thursday, the week goes fast when you're busy. I hope these daily blogs are interesting to you and helping your week go faster as well. I'm continuing the imaging scenarios today as we enter the realm of the 'oh not this' level of imaging. We are doing lots of research here at G-C as our cases continue to get more complex and we see more Windows 7 systems and their artifacts get produced in cases. I'm hoping that as these results are validated we can put out some more Saturday reading papers on USN journal analysis, it's not as simple as it appears!

The system is in sleep mode - The system has been brought to me and it was thought to be powered off, but really the user just closed the lid on the laptop and it went to sleep.

This is a pretty common scenario and you have four options at this point in order of time required (least to most):


  1. You have to have this device imaged and returned ASAP and you have no reason to believe that the contents of memory will be relevant as the event you are investigating occurred in the past. In this case your best course of action may be to pull the battery and image the drive offline.
  2. You have to have the device imaged and returned ASAP, but the user is willing to provide their password. In this scenario you would do a live image of the system's memory to your external drive, and since you've already created the artifacts relating to the memory capture and storage connection (whether network or external storage), you might as well do a live forensic image as well.
  3. You have to have the device imaged but you can return it later that day or the next. This is a good middle scenario and I'll explain why. If you have enough time to let the battery power run out, the system will on its own go into hibernation, causing it to write the contents of memory to disk and allowing you to get a copy of both the disk and the contents of RAM without having to introduce any artifacts from your software/hardware. If you are worried about overwriting the old hiberfil.sys, know that for Windows Vista and 7 systems it should be in the volume shadows as well.
  4. You have to have the device imaged, it's Windows XP or before, and you don't have time to wait for it to suspend. At this point, if you're lucky they have a FireWire port on their computer, which will let you directly access the contents of RAM without authenticating to the system. Your device will show up in sbp2 store in the system registry, though, and its plugin will be recorded in the setup logs.

The system is connected to a SAN - You've been taken to the system and see a fiber cable coming out of the back of it, and you realize it's likely connected to a SAN.

Terminology to know here:

HBA - Host bus adapter - This is your fiber card interface to the SAN like a network card
SAN - Storage Array Network - This is a large embedded system that can contain 100s of hard drives and present slices of them to systems as local storage
LUN - Logical Unit Number - How the disk is identified between the SAN and the system that mounts it
Fiber port - The physical port on the fiber hub your SAN and systems are connected to

Things to know before even starting:
  • Pulling a drive from a SAN will result in the SAN discarding those drives 
  • You do not know which drives in a SAN your data is written on typically
  • I am not aware of a forensic tool that has support for any SAN's proprietary algorithm for storing data across drives, and even if you were to image the disks with the SAN offline you would not likely be able to reassemble the file system
  • You need to know the following 
    • The type of HBA in the system (single mode or multimode)
    • The LUN the HBA is connecting to
    • The port you are plugged into
    • If there are any ports open
Ok, now that we have that covered, this is how you deal with it. You have two options depending on if you can take the system offline.

  1. You can take the system offline

If you can take the system offline then you can reboot it off of your forensically sound boot CD. I keep saying Linux but it could be WinFE as well. I have more experience with Linux boot CD/DVDs though. If your bootable distribution has support for the fiber card HBA then you should have the disk presented to you at boot time as another physical drive you can image. This works because SAN security is typically set for the port the device is plugged into rather than any type of credential, so if you can access it from the same port you should be presented with the disk.

  2. You can't take the system offline

You have two options here. 

    A. Make a live image, this is the simplest method. The OS will already have the fiber card drivers loaded and the physical disk will be available to you for imaging.

    B. If you can't make a live image and you can't shut it down this is what you have to do to get at the SAN disk.


  1. Get the SAN administrator to allocate a port you can plug another computer with a compatible HBA into
  2. Get the SAN administrator to give your new port access to the LUN your target system is accessing
  3. Boot your system off a forensically sound Linux or WinFE boot disk with the HBA connected; you should see the physical disk presented to you
  4. Realize that you still need to treat this as volatile evidence: the original system is still accessing/changing this disk, and the only write protection you have is your operating system correctly treating the SAN disk as read only.
  5. Image the disk and shut down, making sure never to mount the disk read/write, and if it's a journaled file system (ext3/4) make sure that you mount it read only as a non-journaled variant (ext2) if you simply have to mount it and extract data from the live system.

    I know point 5 may seem confusing, especially the read-only exception there. The read-only flag in your Linux mount applies to the data, but the underlying journal may still be updated in ext3/4 on mounting it even if you tell it to mount read only. Be aware of this, as you may cause two competing journal operations to collide and that wouldn't be good!
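One way to check the journal risk described in point 5 before any mount is attempted, as an added example that is not part of the original post: it reads the ext superblock and reports whether a journal exists and has a replay pending. The function names and the sample superblocks are constructed for illustration; the offsets and flag values are the standard ext2/3/4 superblock fields.

```python
import struct

SUPERBLOCK_OFFSET = 1024     # primary ext2/3/4 superblock starts 1024 bytes into the volume
EXT_MAGIC = 0xEF53           # s_magic, at offset 0x38 within the superblock
COMPAT_HAS_JOURNAL = 0x0004  # s_feature_compat bit: the file system has a journal
INCOMPAT_RECOVER = 0x0004    # s_feature_incompat bit: journal replay is pending


def journal_status(volume_bytes):
    """Report journal state from the first 2 KiB of an ext volume."""
    sb = volume_bytes[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + 1024]
    if len(sb) < 0x64:
        raise ValueError("volume too short to hold a superblock")
    (magic,) = struct.unpack_from("<H", sb, 0x38)
    if magic != EXT_MAGIC:
        raise ValueError("not an ext2/3/4 volume (bad magic)")
    # s_feature_compat is at 0x5C, s_feature_incompat follows at 0x60
    compat, incompat = struct.unpack_from("<II", sb, 0x5C)
    has_journal = bool(compat & COMPAT_HAS_JOURNAL)
    needs_recovery = bool(incompat & INCOMPAT_RECOVER)
    return {
        "has_journal": has_journal,
        "needs_recovery": needs_recovery,
        # A journaling driver may replay the journal on mount, even with "ro"
        "ro_mount_may_write": has_journal and needs_recovery,
    }


def read_status(path, partition_offset=0):
    """Read only the superblock region from an image file or a device node."""
    with open(path, "rb") as fh:
        fh.seek(partition_offset)
        return journal_status(fh.read(SUPERBLOCK_OFFSET + 1024))


def make_superblock(compat, incompat):
    """Constructed sample volume: zero padding plus a minimal superblock."""
    sb = bytearray(1024)
    struct.pack_into("<H", sb, 0x38, EXT_MAGIC)
    struct.pack_into("<II", sb, 0x5C, compat, incompat)
    return bytes(SUPERBLOCK_OFFSET) + bytes(sb)


if __name__ == "__main__":
    # Constructed cases: plain ext2, cleanly unmounted ext3, ext4 in use by a live host
    for name, c, i in [("ext2", 0x0, 0x2), ("ext3 clean", 0x4, 0x2), ("ext4 live", 0x4, 0x46)]:
        print(name, journal_status(make_superblock(c, i)))
```

A LUN that the original system still has mounted will normally show the recovery flag set, which is the case where working from the image rather than mounting the SAN disk matters most.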

    So there you go, all my SAN nightmares boiled down to a how-to guide. I hope this helps you, because they are not going away. Tomorrow we will talk about NAS and embedded systems.

Three Ways to Gain Weight


How to Gain Weight - Gaining body weight can be a serious problem. The only way to gain this weight is through strict exercise and eating more. Here are some tips for gaining weight without adding too much fat.


Here is how to gain weight:


Eat a lot. If you already exercise but still are not gaining weight, it may be because you are not eating enough. How can you expect to gain weight if you do not consume enough calories for the rate at which your body burns calories each day? Consume at least 10 calories per pound of your body weight just to maintain your current weight. To gain weight, you must consume at least 500 calories more than your usual calorie intake. The more you eat, the greater the chance that your body weight will increase. You must be selective about the foods you eat so that you can add quality body weight without consuming too much fat.
Eat more often. Eating more often is related to eating more, because the more food you eat, the more calories you get. Eating more often will also help your digestion. It is clearly easier to chew snacks containing 500 calories each than four large meals consisting of 100 calories each. When you eat something in large portions, some of the food is not processed properly because of a lack of hormones in your metabolism. This excess food has the potential to turn into fat along the way.

Eat in the right proportions. Protein is the main barrier of the muscle nerves and an important nutrient for gaining weight and building muscle mass. But you must also get enough carbohydrates and fat. The recommended proportion of carbohydrates, protein and fat is roughly 50:35:15. This proportion can be applied to all diets regardless of total calorie intake.

That is how to gain weight; hopefully it is useful.

 
