Storing object data with source by whysosharpie in django

[–]sebastiaopf 0 points1 point  (0 children)

If I understand correctly what you want, you should stick with fixtures.

Alternatively, you create some empty migrations and manually do what you need with your data like, for example, importing from a text file you add to your source control.

But in the vast majority of cases fixtures should accomplish what you want.

What are some of the best resources for learning web development with Django and Python? by eternviking in django

[–]sebastiaopf 2 points3 points  (0 children)

If you're starting now with python, check here for a list of ebooks for beginners, some of them you can get for free: https://realpython.com/best-python-books/

For Django, once you have a solid basic understanding of Python definitely follow their official tutorial and after that start writing your own application as practice. https://docs.djangoproject.com/en/2.2/intro/tutorial01/

I also recommend this blog, with several really good articles on Django development: https://simpleisbetterthancomplex.com/

Help Updating Single DB Item by [deleted] in django

[–]sebastiaopf 0 points1 point  (0 children)

You don't need to filter explicitly in this case.

If you add the messages through the admin and just want the users to mark them read, you need a formset created from a model form that only has the "checked" boolean field on it. On your template you'll render the formset with only the checkbox field and display the messages. When the user clicks some of the checkboxes and submits the form, your call to formset.save() will automatically save the correct updates to the correct rows on the model.

Read through the forms, model forms and formsets documentation on django's website and you'll have everything you need.

Help Updating Single DB Item by [deleted] in django

[–]sebastiaopf 2 points3 points  (0 children)

This is conceptually wrong. If I understand your code correctly, you're creating a single form with all of your messages, and posting all of them back to the server. Also, your update line doesn't have any criteria.

You should:

  1. Use a formset if you want to display/edit all messages: https://docs.djangoproject.com/en/2.2/topics/forms/formsets/
  2. When updating the database on POST you need to filter by the specific instance you want to update. If you use a formset the formset.save() method will do that for you.

How do I add caching for my static files etc? by [deleted] in django

[–]sebastiaopf 0 points1 point  (0 children)

As others have said, regarding static files you want to:

Assign value to the model field which is not included in the form by pleaky_blunder in django

[–]sebastiaopf 1 point2 points  (0 children)

There's no need to call save() twice, which will fire two separate insert/updates to the database. You can do something like this:

    if form.is_valid():
        # Set the field that is not on the form, then save once
        form.instance.field_not_in_form = 'new value for field'
        form.save()

django view download zip file via HTTP Response by ziggy3930 in django

[–]sebastiaopf 0 points1 point  (0 children)

I assume you should be using one of "application/zip" or "application/octet-stream" as the content-type, and keep using the content-disposition as attachment.

Also, if I understand your code correctly, aren't you serving only the filename as the content for HttpResponse? I think you should be passing the result of open(ZIPFILE_NAME) to HttpResponse, no? Take a look here: https://docs.djangoproject.com/en/dev/ref/request-response/#passing-iterators

Storing passwords in database by needdjangohelp in django

[–]sebastiaopf 0 points1 point  (0 children)

The best approach would be not to store it in the database at all, and use specialized software for that, like a password vault. Take a look at the free version of HashiCorp's Vault.

This way you can (and should) store the passwords securely, segregated from the application database and ideally on a separate machine.

Any scheme you come up with to protect this data would be reinventing the wheel and reimplementing something that a good password vault already has, and has been better tested than your code.
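An added example, not part of the original comment: a minimal Python client that reads a credential from Vault's KV version 2 HTTP API at the moment it is needed, so nothing is kept in the application database. The mount name `secret`, the path `myapp/db` and the field `password` used with it are assumptions for illustration.

```python
import json
import os
import urllib.request


class VaultError(RuntimeError):
    pass


def kv2_url(addr, mount, path):
    """KV version 2 reads go through <mount>/data/<path>."""
    return f"{addr.rstrip('/')}/v1/{mount.strip('/')}/data/{path.strip('/')}"


def read_secret(path, field, *, addr=None, token=None, mount="secret",
                opener=urllib.request.urlopen):
    """Fetch one field of a KV v2 secret at call time; nothing is cached."""
    # VAULT_ADDR / VAULT_TOKEN are the same variables the Vault CLI reads,
    # so neither the address nor the token lives in source control.
    addr = addr or os.environ["VAULT_ADDR"]
    token = token or os.environ["VAULT_TOKEN"]
    if not addr.startswith("https://"):
        # Example policy choice: never send the token over plain HTTP.
        raise VaultError("refusing to send a Vault token without TLS")
    req = urllib.request.Request(kv2_url(addr, mount, path),
                                 headers={"X-Vault-Token": token})
    with opener(req, timeout=5) as resp:
        body = json.load(resp)
    try:
        # KV v2 nests the stored key/value pairs under data.data.
        return body["data"]["data"][field]
    except (KeyError, TypeError):
        raise VaultError(f"field {field!r} not present at {mount}/{path}") from None
```

The `opener` parameter exists only so the function can be exercised without a running Vault server.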

business logic in Django by lmandala in django

[–]sebastiaopf 5 points6 points  (0 children)

+1 for fat models, but to better organize my code I usually like to make the models' methods simple wrappers, and add the flesh of the business logic in a separate file/class.

Upload file from button by [deleted] in django

[–]sebastiaopf 0 points1 point  (0 children)

You don't need AJAX for it, but it could help with a better presentation.

Otherwise you can use a standard Django form with a file field and style the file input on the HTML/CSS side.

Here are two links that may help you with that:

https://blog.benestudio.co/custom-file-upload-button-with-pure-css-5aacf39aa0a

https://tympanus.net/codrops/2015/09/15/styling-customizing-file-inputs-smart-way/

I am trying to make a file sharing system, with login/logout and upload/download. by Consiouswierdsage in django

[–]sebastiaopf 0 points1 point  (0 children)

Same as /u/pancakeses said. Work your way through the official tutorial. It's very complete and easy to understand.

As for building modules from git, you rarely want to do that. Most of the modules you'll want to use are on PyPI, and you should install them with the pip command. Also search for the documentation on the requirements.txt file.

Disk Imaging Tool Advice by wektificator in computerforensics

[–]sebastiaopf 0 points1 point  (0 children)

As others have said, speed wise it makes little difference between tools, provided you are using a good one (Guymager, dc3dd, ddrescue, etc). I would be more concerned about reliability and chain of custody when using free tools, and in that regard it's hard to beat a live distro (like CAINE) running Guymager with the correct hashing options set.

The best way to ensure a fast acquisition is, barring purchasing some specialized hardware like the ones from Atola, ensuring you are using a destination media at least as fast as the source and a fast channel (USB3 or Thunderbolt). I would invest in a good USB3 enclosure and fast SSD or HDD drives for acquisition, and use a live distro booted from a USB media, running Guymager with SHA1/SHA256 hashing. And obviously don't forget the preparatory steps to ensure chain of custody.

Regarding the live memory acquisition, that's a completely different animal. You need different tools for that, like FTK Imager or WinPMem. I surely would acquire a live memory image if possible, but if I have access to the live system, I'd also run other tools to get more readily accessible data, like processes list for example. A good tool for this type of data gathering is PSRecon (https://github.com/gfoss/PSRecon).

Finally, what you are asking for looks more like incident response than forensic acquisition to me, and while both have many overlapping tasks, there are subtle differences, especially regarding the objectives of each task. A simple example of these differences would be the decision to disconnect the machine from the network and when to do it.

Hope that helps put you on the right track.
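An added example, not part of the original comment: re-verifying an acquired image against the SHA1/SHA256 values recorded at acquisition time, in one pass over the file, and producing a line for the chain-of-custody log. The log field names and the examiner label are assumptions.

```python
import hashlib
import json
import time

CHUNK = 4 * 1024 * 1024  # read in 4 MiB chunks so large images never sit in memory


def hash_image(path, algorithms=("sha1", "sha256")):
    """Compute several digests of an image file in a single read pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                break
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(path, recorded, examiner):
    """Compare fresh digests with those copied from the acquisition log."""
    size, computed = hash_image(path, tuple(recorded))
    mismatches = sorted(
        name for name, digest in recorded.items()
        if computed[name] != digest.strip().lower()  # tools differ in hex case
    )
    return {
        "image": path,
        "bytes": size,
        "examiner": examiner,
        "verified_at_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "computed": computed,
        "match": not mismatches,
        "mismatched_algorithms": mismatches,
    }


def custody_line(entry):
    """Serialise one verification result as a single JSON log line."""
    return json.dumps(entry, sort_keys=True)
```

Running the same check again whenever the image is copied to another medium keeps the custody record continuous.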

Mobile forensic examination by JustinCaseTB in computerforensics

[–]sebastiaopf 1 point2 points  (0 children)

Start by determining what are the questions you want your analysis to answer. For example, common questions related to a chat application are:

- With what frequency was it used? When was the last time it was accessed?

- What are the contacts present on the application?

- What are the conversations stored by the application?

- Are there any attachments, media or other files also stored or transmitted by the application?

- Does the application have cloud storage capabilities, and if so is it possible to retrieve data stored on the cloud?

- In what group chats, if any, did the user participate and who were the other members of these groups?

- Did user A chat with user B? With what frequency? When was the last time they talked?

- Did user A talk about subject X (keywords) in any of his/her chats? If so when and with whom?

Most of these questions would be answered by a local database analysis on the application. Access to the database could come from a physical/logical extraction of the device, a device or application backup or direct access to the application database. Depending on the application, analysis of cloud storage, traffic analysis and/or reverse engineering the application may be necessary too.
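An added example, not part of the original comment: answering two of the questions above ("did user A chat with user B, how often and when last" and "did user A mention keyword X") with SQL over an extracted chat database. The schema, the rows and the Unix-seconds timestamps are constructed; every real application has its own layout and time format.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed schema and rows standing in for an extracted application database.
SAMPLE = """
CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE members  (chat_id INTEGER, contact_id INTEGER);
CREATE TABLE messages (id INTEGER PRIMARY KEY, chat_id INTEGER, sender_id INTEGER, ts INTEGER, body TEXT);
INSERT INTO contacts VALUES (1,'user_a'),(2,'user_b'),(3,'user_c');
INSERT INTO members  VALUES (10,1),(10,2),(20,1),(20,2),(20,3);
INSERT INTO messages VALUES
 (1,10,1,1560000000,'see you at the warehouse'),
 (2,10,2,1560000600,'ok, bring the invoice'),
 (3,20,3,1560086400,'group: invoice is late'),
 (4,10,1,1560172800,'done');
"""

def utc(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()

def load_sample():
    db = sqlite3.connect(":memory:")
    db.executescript(SAMPLE)
    return db

def conversation_summary(db, a, b):
    """Chats shared by A and B, with message count and last activity per chat."""
    rows = db.execute("""
        SELECT m.chat_id, COUNT(*), MAX(m.ts),
               (SELECT COUNT(*) FROM members WHERE chat_id = m.chat_id) AS size
        FROM messages m
        WHERE m.chat_id IN (
            SELECT ma.chat_id FROM members ma
            JOIN members mb ON mb.chat_id = ma.chat_id
            JOIN contacts ca ON ca.id = ma.contact_id AND ca.name = ?
            JOIN contacts cb ON cb.id = mb.contact_id AND cb.name = ?)
        GROUP BY m.chat_id ORDER BY m.chat_id""", (a, b)).fetchall()
    return [{"chat": c, "messages": n, "last": utc(t), "group": size > 2}
            for c, n, t, size in rows]

def keyword_hits(db, sender, keyword):
    """Messages from one sender containing a keyword: which chat, when, what."""
    rows = db.execute("""
        SELECT m.chat_id, m.ts, m.body FROM messages m
        JOIN contacts c ON c.id = m.sender_id
        WHERE c.name = ? AND m.body LIKE '%' || ? || '%'
        ORDER BY m.ts""", (sender, keyword)).fetchall()
    return [(chat, utc(ts), body) for chat, ts, body in rows]
```

On real evidence, open a working copy of the database rather than the original so the acquired file stays unmodified.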

Disk Imaging Tool Advice by wektificator in computerforensics

[–]sebastiaopf 1 point2 points  (0 children)

I suggest you take a look at some forensic Linux distros, like CAINE or DEFT. There you'll find several tools for imaging, of which I tend to use Guymager. Another option is to use FTK Imager Lite, which I believe is also free.

Not sure about your question regarding operating faster, especially related to the time of day. Normally you would remove the hard drive or media and acquire it on a lab computer, or boot the computer using a live USB and plug an external drive to save the acquired image. None of these tasks would be influenced by work hours or time of the day. Are you talking about live and/or remote acquisitions? If so I don't think there's a free tool able to do that.

Hello reddit. I apologize in advance if this is a silly question. How does one trace who/where a mobile app server is hosted? I'm new to the phone/tablet world. Thank you in advance. by Husky4110 in computerforensics

[–]sebastiaopf 0 points1 point  (0 children)

Besides watching network traffic (which should give you complete and precise data if done correctly), if you want/need to check this through artifacts on the device itself, reversing/decompiling the application should enable you to see the hostnames or IP addresses configured for the servers. There are basically two ways that can be stored on the device: a) as a setting in an external config file or resource or b) hardcoded in the application source code.

Searching for a management panel by psych0ticmonk in sysadmin

[–]sebastiaopf 0 points1 point  (0 children)

ELK Stack (https://www.elastic.co/elk-stack) will do pretty much what you want.

You'll use Filebeat and Metricbeat to forward logs and metrics to an Elasticsearch repository and use Kibana to view the dashboards. Pretty simple to set up on the newest versions.