Latest stories

HTML5, CSS, and SEO Learning Resources

The HTML5 and CSS learning resources provided here supplement classroom materials for my CMST 386 class taught at the University of Maryland University College. Please report any broken links in the LEO classroom. If you have any suggestions for additional resources that could be added here, let me know. To access some of these resources you will need to sign up for a free account, which I...

Nginx gzip_static: What it does and how to use it?

Like other top web servers, Nginx lets webmasters enable Gzip compression for their websites. It can compress scripts and stylesheets in a web page on the fly. The Gzip file’s size is significantly lower than the original file. Nginx supports 9 Gzip compression levels. 1 is the lowest and 9 is the highest. To gzip a file, Nginx will invoke a function and the function will use system...

Business Continuity Analysis

The purpose of business continuity planning is to ensure continued operations of an organization in the event of a catastrophic event, whether this may be a natural disaster or something more sinister. In recent years, we have seen the increase of cyber-attacks and breaches to the point that they have become common news worldwide. As systems have grown in complexity and capacity to store large...

An analysis of different data sources used in a forensics investigation

This article provides an overview of four different data sources used in various forensics investigations. The first source includes system log files containing system logs within the operating system as well as an overview of some tools that can be used in order to effectively understand these logs. File systems are also discussed including the effectiveness of metadata and their overall...

Google AMP pros and cons: Should you implement AMP on your website?

After Googleweblight, AMP, aka Accelerated Mobile Pages, is the new initiative from the search engine giant Google to make the web fast. As of today, over 900K sites are powered by AMP. I’ve used AMP on my site for a month. Below, I’ve shared the Pros and Cons of Google AMP. Pros of Google AMP (Advantages): Easy to implement. Google has published detailed documentation which covers the...

Forensics in Business Continuity Planning

Business continuity planning in any organization today must incorporate aspects of computer forensics in order to be sustainable. According to Majore, Yoo & Shon (2014) in their article on secure and reliable electronic record management, over 90% of records created today are electronic. In addition to this, electronic records require a greater amount of maintenance due to their volatility and...

What is the Role of Computer Forensics?

Computer forensics can play a vital role in an organization’s recovery from a cyber attack. By carefully following forensics processes in the aftermath of an attack, recovery can begin. According to Čisar & Maravić Čisar (2012), digital forensic analysis methodology has three essential processes: preparation, identification, and analysis...

Malicious Code Detection

Malicious code detection is an ongoing obfuscation-deobfuscation game because of the nature of the malware or goals of the attacker. Detection of malicious executables known to an investigator is usually performed using signature-based techniques. In their forensic research article, Rozenberg, Guides, Elovici and Fledel (2010) made the point that obfuscated or encrypted files could not easily be...

Remote Access Trojans

Remote Access Trojans have become a serious security concern as hackers have developed more sophisticated code that can be installed and hidden on a target system, unknown to the user. According to UMUC (n.d.), Remote Access Trojans are a form of backdoor that can provide unauthorized access and use of digital assets on a victim’s computer system. It essentially masquerades as a legitimate...

Presenting Digital Evidence

Testifying and writing a report are both essential ingredients to a successful digital forensics investigation. Digital forensics personnel will potentially spend months of time working with complex data and processes. The delivery and result of this work is reflected in the forensics report and then ultimately testified in court. Cohen (2012) discussed the report as integral to the overall...

Confusion over Terminology

The terms risk, vulnerability and threat are often confused and sometimes used interchangeably, leading to a lack of understanding when presenting evidence. Risks are usually based on a probability that a threat of some kind will exploit a vulnerability or weakness in a system or network. In recent years risks have been taken more seriously with many businesses that conduct online activities...

Lessons Learned using Drupal’s Domain Access Module

Over the last few months my team has been developing microsites to accompany our main website. The requirements for these sites included having their own domain, theme and separate content. After reviewing options in Drupal 7, I decided the best approach given our situation was to use the Domain Access Module. The Domain Access Module provides a very solid and powerful framework for developing...

Data Hiding and Steganography

The term ‘Steganography’ refers to ‘covered writing’ and encompasses methods of transmitting secret messages through innocuous cover carriers in a manner that their existence is undetectable (Johnson & Jajodia, 1998). For years hackers have been finding more innovative ways of hiding data within existing systems, usually for the purpose of transporting it to a target destination. The term...

Preparation Phase of a Digital Search

The preparation phase of a digital search is the most important phase of the digital investigation process. If not carried out correctly, it can lead to improper handling of evidence that may lead to damage of materials crucial to an investigation. This phase involves the preparation of tools, techniques, search warrants, and monitoring authorizations and management support. Venansius &...

Yet More Theft of Information Assets

It doesn’t seem that long ago that I received an official letter in the mail from the United States Office of Personnel Management (OPM) detailing that sensitive information about me had been compromised. I had been following the news and knew about the breach, so the letter didn’t come as a huge shock. It did make me think about the impact of such a breach, originally reported as affecting 4...

Important Cybercrime Laws

There are a number of cybercrime laws that are extremely important in the field of digital forensics and cybersecurity as a whole. Two of the most important laws are the Computer Fraud and Abuse Act (CFAA) of 1984 and the Electronic Communications Privacy Act (ECPA) of 1986. The original intent of CFAA was to address computer-related crimes and more specifically protect information assets...

Fix Remove Query Strings from Static Resources warning

Yesterday, I was checking the performance of one of my sites with GTmetrix and Pingdom tools. Although my site takes about 1 second to open in any browser, the tools were reporting a “Remove query strings from static resources” warning. Anything that follows after the question mark, i.e. “?”, is called a query string. You’ll find URLs with query strings on dynamic sites. If the site...

How to move or renew LetsEncrypt SSL certificate manually?

As mentioned in my earlier blog post, I am using a LetsEncrypt free SSL certificate on one of my sites. The certificate was due to expire in a few weeks. The CertBot dispatched an alert message for the same to my official email address. As I’m using SSL for the first time and having several doubts in mind, I decided to renew the LetsEncrypt certificate immediately. I fired the...

Letsencrypt review: Should you use free SSL certificate?

After Google declared HTTPS as a ranking signal, thousands of sites have switched to HTTPS from HTTP. To secure your site with HTTPS, you must install an SSL certificate on the server and configure the web server to redirect HTTP traffic to HTTPS. Before Let’s Encrypt Certificate Authority was launched in 2016, companies used to charge a hefty amount for providing SSL certificates. Now, you...

About Author

Ian Carnaghan

I am a software developer and online educator who likes to keep up with all the latest in technology. I also manage cloud infrastructure, continuous monitoring, DevOps processes, security, and continuous integration and deployment.
