Monday, November 05, 2007

Perl @INC (path for perl libraries) -- sleuthkit/autopsy error

Autopsy/Sleuthkit Error in console when trying to create timeline:

Can't locate Date/Manip.pm in @INC (@INC contains: /home/me/Desktop/sleuthkit-2.09/src/timeline//../../lib/ /etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl .) at /usr/local/sleuthkit/bin/mactime line 50.
BEGIN failed--compilation aborted at /usr/local/sleuthkit/bin/mactime line 50.


Fix:
What is @INC?

Appending to Perl's @INC array

The @INC array is a list of directories Perl searches when attempting to load modules. To display the current contents of the @INC array:

# perl -e "print join(\"\n\", @INC);"

Add the directory to the PERL5LIB environment variable (in the same terminal window where autopsy will be started):

# export PERL5LIB=/usr/local/sleuthkit/lib

http://www.brandonhutchinson.com/perl_inc.html
http://www.wellho.net/mouth/588_Changing-INC-where-Perl-loads-its-modules.html

Friday, November 02, 2007

Forensics - USB drives

Windows Forensics and Incident Recovery

http://www.networksecurityarchive.org/html/Computer-Forensics/2005-02/msg00001.html

1. When you connect a USB storage device to a Windows system
(2K, XP, 2K3), Registry keys are created. If they don't
already exist, the HKLM\System\CurrentControlSet\Enum\USBStor
key is created. Beneath that key, a subkey containing the
vendor name is created, and beneath the "vendor key", a key
with a unique name is created for each device (I'll call this
the "unique key"). On a test XP system, it looks like this:

HKLM\System\CurrentControlSet\Enum\USBStor
\Disk&Ven_LEXAR&Prod_DIGITAL_FILM&Rev_/W1.
\7&276114a5&0&______________040719030000008093F300000000000&0
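
The key layout described above can be split into its fields in code. This is an added example, not part of the quoted post: the function names and the second sample path are constructed here, and the serial-number heuristic in the comments is an assumption that the post does not state.

```python
import re

USBSTOR_ROOT = r"HKLM\System\CurrentControlSet\Enum\USBStor"
# "Vendor key" layout as it appears on the page: <Type>&Ven_<v>&Prod_<p>&Rev_<r>
DEVICE_RE = re.compile(
    r"^(?P<type>[^&\\]+)&Ven_(?P<vendor>[^&\\]*)"
    r"&Prod_(?P<product>[^&\\]*)&Rev_(?P<revision>[^\\]*)$"
)

# First path is the one quoted in the post (its three lines joined);
# the second is constructed for this example.
SAMPLE_PATHS = [
    USBSTOR_ROOT + r"\Disk&Ven_LEXAR&Prod_DIGITAL_FILM&Rev_/W1."
    r"\7&276114a5&0&______________040719030000008093F300000000000&0",
    USBSTOR_ROOT + r"\Disk&Ven_EXAMPLE&Prod_FLASH_DRIVE&Rev_1.00"
    r"\0123456789ABCDEF&0",
]


def parse_usbstor_path(path):
    """Split a full USBStor key path into device fields plus the unique key."""
    path = path.strip().rstrip("\\")
    prefix = USBSTOR_ROOT + "\\"
    if not path.lower().startswith(prefix.lower()):
        raise ValueError("not under Enum\\USBStor: %r" % path)
    parts = path[len(prefix):].split("\\")
    if len(parts) != 2:
        raise ValueError("expected <vendor key>\\<unique key>: %r" % path)
    match = DEVICE_RE.match(parts[0])
    if match is None:
        raise ValueError("unrecognised vendor key: %r" % parts[0])
    fields = match.groupdict()
    fields["unique_key"] = parts[1]
    # Assumption, not stated on the page: an '&' as the second character of
    # the unique key is the commonly documented sign that Windows generated
    # the ID because the device reported no serial number.
    fields["windows_generated_id"] = parts[1][1:2] == "&"
    return fields


def inventory(paths):
    """Parse many key paths; return (parsed records, rejected inputs)."""
    parsed, rejected = [], []
    for p in paths:
        try:
            parsed.append(parse_usbstor_path(p))
        except ValueError as exc:
            rejected.append((p, str(exc)))
    return parsed, rejected


if __name__ == "__main__":
    for rec in inventory(SAMPLE_PATHS)[0]:
        print(rec)
```
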

Tuesday, September 18, 2007

Juniper (NetScreen) Firewall, PPTP stopped working after upgrade

You should be using the NetScreen-Remote client. But you might be using PPTP since the VPN client does not yet support Vista.

Anyway, in the upgrade to v5.4.0R6, I found that PPTP into a MIP of the Firewall was no longer working.

PPTP is a service installed by default. I created a new service called pptp-custom and put in the correct definition, which is: TCP port 1723, and IP protocol 47. After I replaced the NetScreen "PPTP" with my own "pptp-custom" in the inbound rule, PPTP was able to work again.

I guess the service definition had changed in the upgrade.

Tuesday, September 11, 2007

Juniper (NetScreen) Firewall - How to configure a traffic shaping policy

1. You can create a high-priority traffic policy for specific
traffic. Please refer to the following document:
http://Kb.juniper.net/KB4201

2. You should set the external interface bandwidth to match the internet
pipe (even if there's another 100 Mbit router hop). This is how the firewall
knows what the external limit is. Setting the bandwidth greater than or lower
than the actual bandwidth can cause dropped packets due to calculation mismatch.

keywords: bandwidth shaping, QoS, bandwidth limit, guaranteed bandwidth, ScreenOS

Thursday, September 06, 2007

"inbound packet failed validation" netscreen

Connecting to NS25 running 5.4R6 using NetScreen-Remote VPN client 8.x.

Seen on NetScreen-Remote log viewer:
"inbound packet failed validation" netscreen

But pings into the network work fine...

Monday, September 03, 2007

Persistent connection from Windows XP home to a domain share

C:\> net use P: \\mydomain\sharename /user:jsmith /savecred /persistent:yes

Wednesday, May 30, 2007

Change Microsoft Office default install source location

As an administrator, run:

C:\>MSIEXEC /i e:\data1.msi REINSTALL=ALL REINSTALLMODE=vomus /qb

(This was MS Office 2000, so that's why the path is to the msi file data1.msi).

A window will pop up and a progress bar will move across; the reinstall will then finish on its own.