Log analysis is (the) trying to make sense of system and network logs.

Computer forensics is (the) application of the scientific method to digital media in order to establish factual information for judicial review.

So...

Log forensics is (the) trying to make sense of system and network logs, in order to establish factual information for judicial review.

Makes sense, maybe I've been googling for the wrong keywords all this time! Till of late, I've been looking at this field largely from a data mining viewpoint.

Just like in incident response, two things held true:

• If you don't have a "incident" response plan, you're only going to panic (a lot more) when it happens.
• Doing an AAR helps!

There're things that can be done to make the loss/theft of your phone a lot less traumatic, and possibly less painful if you really don't get your phone back. They happen to be the things that you could do when you get a new phone.

Preparing for what should not happen:

• Note down IMEI of phone (dial *#06#)
• Set up phone tracking/remote lockdown. Apple users have MobileMe / iCloud for iOS. There are ways to do so for Android too. Remember to set a good password which is not reused anywhere else!
• Note down details of the taxis that you board (taxi company, license plate, make/model of taxi). Takes getting used to though.

What to do when phone's stolen/lost (in order)

1. DON'T PANIC, knee jerk reactions are not what you want!
2. Recall when you last used/saw the phone. Retrace your steps and narrow down the possibilities on where to search. Confirm that it was indeed dropped somewhere/in the taxi.
3. Lock phone remotely if you can, and haven't locked it already (Apple's Find My iPhone allows you to do that if you've set it up already). For the average Joe who picks up the phone, it makes the world of difference between a phone that he/she can use straight away and one that he/she is better off returning.
4. Call in 5-15 minute intervals to locate/get someone's attention to the phone. Don't call non-stop as there's no point in spamming your phone, especially if it's going to result in a flat battery which is worse off.
5. Leave a message for any would-be finder to be able to contact you and return the phone. You could use the phone tracker, or simply SMS/WhatsApp/etc. Many phones show the message contents without having to unlock the screen (!!!).
6. Locate the phone, mainly to see if it's trivially retrievable (left on the floor somewhere, or taxi's stationery), or for the police report to come later.
7. Call for help (taxi company). There's an awesome list of Singapore taxi companies' numbers out there.
8. Lodge reports especially when your chances of getting the phone back are slim, or when it's been a while since you've been able to find it/get it back. For the phone itself (property) and any other items of importance that was lost together like identity cards, call the police or make use of the SPF's e-services to lodge a report. Credit cards that were with the phone should be cancelled regardless of whether you get the phone back or not since there's a high likelihood that someone else has seen your CC number and CVV. You do NOT want to go through additional heartache and trouble of undoing credit card transactions by the unscrupulous.

That's all for now. Stay safe, and stay calm

Edit: I guess if this happens you could just skip straight to locking the phone and calling the police.

Also first run in bloody hot weather, thank God we didn't get heat stroke or anything.

While it is really sexy (oh yeah!) to be able to dig out stuff from a computer that Joe or that pesky malware writer tried to hide, responding to incidents requires information to be surfaced as much and fast as possible in order to solve the mystery and contain the damage. And for organization-scale incidents, one great source of information would be the logs generated from the various endpoints/perimeter devices.

So far there's the area of SIEMs and logs management, where we get the heavyweights like Anton Chuvakin. The closest could perhaps be SANS' network forensics course offerings, but the coverage is glancing at best. But looking for discussions in terms of analyzing logs specifically for DFIR, zilch. Perhaps I'm looking at the wrong areas, if so do let me know

As with many security-related domains, the more an area is publicly shared, researched and discussed, the more the good guys stand to gain. The flip side argument being that the bad guys are reading the same stuff too, but that's another topic to be visited another time.

Till then, will share whatever I can about this area that I've learnt so far. It's really a curious monster in itself amongst DFIR efforts.

DShield.org in collaboration with SRI International has established a new experimental custom source address blacklist generation service available to all DShield.org contributors. This new service utilizes a radically different approach to blacklist formulation called Highly Predictive Blacklisting. Each DShield contributor can now access a unique HPB (instructions below) that reflects the most probable set of source addresses that will connect to that contributor's network over a prediction window that may last several days into the future.

Highly predictive blacklists employ a link analysis algorithm similar to Google's PageRank scheme used to find the most relevant web pages given a user's query. Similar to a web query, DShield contributor's firewall logs are cross-compared in search of overlaps among the attackers they report. Each attacker address that is included in an HPB is selected by favoring those ad-dresses that are encountered by other contributors that share degrees of overlap with the HPB owner.

How does it work (for non math geeks ): We compare your firewall logs to firewall logs submitted by others. If you and other submitters are hit on similar ports, then your are more likely to be attacked by the same IPs. Your personal "HPB" is created from the IP addresses that target submitters with similar reports as you.

While this is directly useful to firewall administrators, the concept could potentially be extended to other domains/uses too. Filing this under "bag of tricks" for now

...the time for short but precious catch ups.

...the time to meet prospective new additions to the family

...the time where I remember the grace of family members towards one another, especially to the "wayward" ones... (how unfathomably deep is God's grace to us in Jesus, when I can't even fully understand the family type?)

...the time when we remember that many (of them) are just a phone call away actually.

I like family gatherings.

Full of hope
Full of joy
At the expectation of meeting Him
All our doubts
All our fears
Will evaporate when we see His face
And I know the LORD knows me

Chorus:
And the day will come
And the night will flee
And the earth and sky erupt beautifully
And the One who lives in eternity
Will appear in light to deliver me

I long to see Him look at me
For I know His love for me is real

Like a thief in the night
He will come again at a hour unknown
Be prepared
Be awake
For the warning signs have all been fulfilled
And I know the LORD knows me

(Chorus x 2)

I long to see Him look at me
For I know His love for me is real

(Chorus)

---

A quick recap on the main points from Amos (at least from what I could grasp and write down):

1) The higher standards of judgement for those that God had saved.

2) Warnings against the failings of Israel in the past...and what we can do today too:
- injustice, partiality, inequality, perversion of the laws of the land
- not looking out for the poor,weak and downtrodden
- gross self indulgence and selfishness, especially at the expense of the already poor
(the prior few basically showing love only for self, and epic disregard for the fate of others)
- showing the facade of religiosity without any heart underneath it
- not recognizing that God's grace, the gospel, is available to all
- (related to the prior) pride in thinking that God's grace is exclusive to ourselves
- pride: a fundamental attack on God's provision. Forgetting God's work, and thinking that what we have (especially salvation) as Christians was earned by our own efforts
- lulling into complacency, such that shock tactics are actually needed to "get to you"

3) God's character traits:
- mercy shown in the punishment of His people; to turn the wayward back around before it's too late
- absolute power and authority: He's able to judge His own people as much as He can judge those who rebel against Him

4) Refuge found only in God. "Seek the LORD and live..." Amos 5:6a. Seek good, not evil. Hate evil, and love good. Only truly found in Christ.

5) Hope, arising from God's faithfulness to His promises made in the past. Christ ushered in the fulfillment of the promises made by God; we Gentiles are the nations brought to Him because of the Cross. God will fulfill the promises that He made, as recorded in Scripture. Regardless of human sin, and even making use of it in the grand scheme of things to fulfill His promises.

---

I have a lot of changing to do...but that is good, because not too long back I was almost begging for change to happen. I was almost at the end of my own rope...

Hope her letter gets read by her intended audience, and more. But I'm not too sure how much to expect of a reply, or of its contents...only time will tell.

an open letter to the education minister.
by Janelle Nicodemus Lee on Monday, July 11, 2011 at 8:54pm

I was thinking about things on the bus ride home, after reading about such letters from students in IN. I guess it's my turn to say what's been on my mind for quite a while... After all, Ghandi once told us to "be the change you want to see in the world."

Dear Mr Heng

I am a Secondary Four student at Nan Chiau High School, and am due to take my O Levels this year. Being shown first-hand what the education system is like, especially from a fairly unflattering point of view, has made me realise much about the education system that I do not like. Of course, I am fully aware that no education system is perfect, yet in the spirit of transformation the PAP has hopefully adopted since the 2011 General Elections, I write this letter to you in the hope that some of these problems with our system will indeed be changed, or if not, at least reviewed.

I speak just for myself, and not for all other graduating students in Singapore when I say this, but I do feel strongly about many methods being employed in secondary schools, especially for graduating classes. For one, I have come to realise the serious emphasis the education system has placed on factual memorisation. Perhaps it is just used in my school, or maybe even a method most autonomous or government schools apply, but based on personal observation, I have come to the conclusion that students are often not taught to ask 'Why?'

Children are curious and inquisitive, asking their parents questions many parents themselves are not able to answer. As a parent yourself, I believe you can testify to this. Too often, I have heard toddler cousins asking their parents why the grass on my front lawn is green, and how their baby sister was created, or why fruit punch is reddish-pink. I therefore strongly believe that the education system is indeed stifling to a child's inquisitive and curious mind.

Albert Einstein once said: "The important thing is not to stop questioning. Curiosity has its own reason for existing. One cannot help but be in awe when he contemplates the mysteries of eternity, of life, of the marvelous structure of reality. It is enough if one tries merely to comprehend a little of this mystery every day. Never lose a holy curiosity." Yet, what is it we are doing to our students today? We are training them not to question, Mr Heng.

I once had to do a Chemistry paper in which I was asked 'Why?' for many things, such as 'Why is carbon a non-metal?'

Perhaps it is just my school's teaching methods, but for the life of me, I was never once taught why carbon was a non-metal. Since I started with Chemistry in Secondary Three, I learnt that the staircase line divided the Periodic Table into metals and non-metals, and that metals and metals took part in metallic bonding.

That, I believe, is one of the key flaws in the education system. This is a flaw that is not only serious, but also has wide-reaching effects. The most common definition of education is the one provided by the Cambridge dictionary, which states that education is 'the process of teaching or learning in a school or college, or the knowledge that you get from this', but I prefer the one found in the students' favourite dictionary. Education itself, as defined by Dictionary.com, is 'the act or process of imparting or acquiring general knowledge, developing the powers of reasoning and judgment, and generally of preparing oneself or others intellectually for mature life."

The beauty of education is to ask 'Why?' and have those questions answered. To be aware of knowledge one never knew about. To constantly discover new insights and new things every day, to answer questions lurking in our minds. But far too often, we are taught not to ask why, to just memorise. To get an A1, all we have to do is memorise our textbooks inside out and upside down, and be able to regurgitate them on the very day, tweaking them minimally to answer the questions asked. In the pursuit for grades, I believe we have lost the beauty of education: The ability to ask 'Why?'

Maybe I'm still a teenager. Still sixteen, still not quite mature in my thinking processes and ways of speech. Maybe I don't know exactly what type of education system I want, but I know one thing: I want a system where I'm not a product on a factory line, but a real human with an inquisitive mind, always taught to ask and wonder. Memorizing is indeed the fastest way out. Fastest way to good grades, the fastest way out of poverty, the fastest way to a good job and a good salary and a good life. The fastest way to a First World Country. But is it really the best way to educate?

Minister, the purpose of education is to 'prepare oneself or others intellectually for mature life'. Singapore is a First World Country with developing quartenary industries and a high Human Development Index. It has a stable economy, a thriving political landscape and top-notch healthcare systems. No longer can we adopt the same methods it took us to get here. Instead, what the country needs is more thinkers, more creators. People who dare to ask 'Why?' and 'Why not?'. People who are not slaves to change, but create the change. How do we train the leaders of the nation, if many of our brightest young minds are not bright because they can think, but are bright simply because they know how to maneuver their way around school exams and the education system? It is no surprise then, that many of our local policies are all recycled from those of other countries. They lack imagination and creativity, because it is my deep-set belief that other than curiosity, those are the other things the local education system kills.

My friends are constantly telling me that Singapore has no talent. They are constantly swooning over foreign celebrities, actors and actresses, but in comparison, the support and fanbase for our own local talents are negligible, save for a few. I do not believe that Singaporeans lack talent. In fact, I truly believe Singaporeans are a talented bunch. Art, music, dance, you name it, I can name someone who's good at it. So what is the problem here, you may ask. The problem is that Singaporean youths are often not taught as individuals with separate talents, but as a collective who are all the same. Often, we suppress our own natural talents for what the education system wants. I have had so many Chemistry and Biology answers marked completely wrong just because I used my own words to express the same idea. 'Cambridge wants this, so we will give them this' appears to be the mindset of most of the teachers, who throw us model answers to be memorised. We cannot change the markers at the University of Cambridge, but I am sure you would agree with me that this is not the way to educate youths. Many times, in English, I have been told to follow a certain structure and certain format for even free writing tests. Youths are brimming with creativity and fresh ideas, but we lack that same outlet to express them. Why do you think social networking is such a crazy trend? Social networking gives students a voice that the education system never gave them.

How do we cultivate talent in this manner, by not giving youths a voice? By memorizing tons and tons of model answers and essays to be submitted? In this way, the education system is sending a message to Singaporean youths that it is not wrong to have a voice, but it is wrong to use this voice in the system of education. What it does not realise is that it is the education system that is supposed to give Singaporean students their voice! By educating students, we are giving them the ability and knowledge to speak their minds, yet take this privilege from them away all at the same time.

Is this really what education is? Stifling voices in favour of appeasing examiners, memorizing facts to get that A1, yet all of these are forgotten by the time we start work?

Call me naive, because I am still young, but I believe an education is not about imparting facts and figures and making students digest it all. It's about shaping a mindset. Creating a person. Nurturing what God gave each one of us. I fear that in the pursuit for the Singaporean Dream, we have lost the initial purpose of education: to create a person, who is opinionated and articulate and creative and imaginative. Who is not afraid to think out of the box and come up with new ideas and policies.

We may be a First World Country, but if our education system still holds the belief that we are in a Second or Third World Country, and need to furiously cram facts in our head to get out of the cycle of poverty fast, then we will never truly raise First World leaders. Leaders who can think about the solution to an exact problem, and not recite whatever they learnt in their political science or economics courses in university.

---

Another gaping flaw in the education system is the premise of character development. From the way it is taught in schools, it often feels like schools are introducing character development just purely for the sake of it, and not for inculcating values important to working life.

Mr Heng, we are taught Civics and Moral Education from a FILE, and from TEXTBOOKS. We are given CME EXAMS. Surely you would agree this is not the way to go about teaching values? Values cannot be taught, so the education system tries to force it down our throats by teaching us morally-correct behaviour.

Since Social Studies in primary school, we have been fed the system's easy way out. Instead of actually having values instilled into us, we are taught to give morally-correct answers. We are taught to help old ladies cross roads when they look like they need assistance. Though the last sentence may be a bit of an exaggeration, one cannot deny that it is true. Character is not the knowledge that we should help the old lady cross the road, but the actual act of helping her do it.

The sad but true reality is that most teenagers know that the old lady needs assistance, but would rather continue checking Facebook statuses and giving Twitter updates on their smartphones rather than going over and helping the poor soul.

Granted, who am I to make a generalisation and say that all teenagers are this way? I know that there are teenagers and youths out there who are truly compassionate, who would truly go out of their way to help, but I have no arguments in my bag of tricks to argue for the stand that this behaviour is taught by Civics and Moral Education lessons in schools. Rather, more often than not, it is good parenting that leads a child to do so, not CME lessons.

Teachers often 'eat up' our CME lessons to have their own lessons, for one. Though this may not be a commonplace occurence, it happens extremely often for graduating classes when teachers are rushing to finish up the syllabus. Again, the system sends out another message: As long as you can get all A1s for your O levels, your character does not matter.

I am sure this is not the intended message, but it is certainly what most of us are hearing. The common mentality is 'So what if you have a good character? You're failing most of your subjects."

I find this rather peculiar, because I for one have always found that with a strong character, good grades come naturally afterwards. With self-discipline and self-motivation, a student can certainly get good grades. Thus, character development should in fact be more important than academic education, because after all, an education is not about pure academics. Instilling values in a child is certainly an important part of preparing them for maturity, for maturity does not come with grades, but with wisdom and growth no amount of midnight-oil-burning can develop.

---

As a Secondary Four student, I experience first-hand the ugliness of the flaws the education system has. In fact, I spent one hour and forty-five minutes writing you this letter. Though I am not sure if you will ever get to read it ever in this lifetime, but this is something that I believe in. I believe in being the change I want to see in the world, or at least in my environment, as cliched as that sounds. Every one else will tell me that this is a waste of time, because I have Preliminary examinations next week and I could have been studying instead of typing this long Facebook note out.

This is the type of education system the Ministry of Education's policies have cultivated. A system where fighting for things one believes in are seen as a 'waste of time', where reading anything non-school-related is seen as yet another waste of time. Is this the type of education a First World Country should have, one where students' thoughts and abilities to express themselves are confined within the front and back cover of their textbooks, where it is better to be passive and just study hard under the system than fight to change it and waste one's time, where having your own thoughts is a liability.

Have we lost the true meaning of education somewhere in the paper chase, buried under all the degrees and diplomas and paychecks? Or were we lost all along as to what education truly means?

I have not given up hope that there is still space for change. I have not submitted myself to accepting that 'this is the Singapore system and I cannot do anything about it'. I am fighting for the changes I want to see in the best way that I can, because I believe that someday, my children will be educated in such a way that they are taught to never stop asking, and to always care about the people around them. I believe that you have the power to make these changes happen, and if not, at least a thorough review of the policies made by your predecessors.

Thank you very much for your time.