Dec 10 2009

Solaris vs. Solaris

Tag: Systems | Joaquim Anguas @ 8:18 pm

Most free tools used for computer forensics run on UN*X and most forensics distributions are based on Linux. At first they were based on Knoppix and later they started to use Ubuntu as a base. With that change we lost the ability to load the OS to RAM. Now you need to hack it a bit to boot to RAM, but I’ll talk about this some other day…

The fact is that sometimes I miss having a persistent UN*X installation.

I’ve always loved the BSD flavor, partly because I’ve had good experiences with it. In 2004 we had to do video and multichannel audio transmission Montreal – Barcelona in the context of Artfutura 2004. Need to do firewall and traffic prioritization minimizing lag and without wasting the precious 100Mbps connection we got? OpenBSD + PF did the trick.

And I’ve had a long relationship with Sun operating systems since my college years, first with SunOS and later with Solaris (you may not believe me, but once I was shutting down a SunOS 4.1.X SPARCstation with «shutdown -g 0» and I got a message like «does it have to be now?» before the screen went black. It was an Easter Egg, I guess…)


Jan 23 2008

DTrace port to OS X

Tag: (i)realidad | Joaquim Anguas @ 8:41 pm

Adam Leventhal, one of the engineers on the DTrace development team, writes on his blog that Apple has seen fit to port DTrace to OS X. And along the way, as if it were nothing, it has modified the code to prevent access to certain processes:

The notion of true systemic tracing was a bit too egalitarian for their classist sensibilities so they added this glob of lard into dtrace_probe() — the heart of DTrace:

#if defined(__APPLE__)
    /*
     * If the thread on which this probe has fired belongs to a process marked P_LNOATTACH
     * then this enabling is not permitted to observe it. Move along, nothing to see here.
     */
    if (ISSET(current_proc()->p_lflag, P_LNOATTACH)) {
        continue;
    }
#endif /* __APPLE__ */

It's not that Apple isn't within its rights, the DTrace license allows it… But it's an ugly business.
