Forensics timeline

One of my recent labs for my Unix Forensics class was dissecting an OS X Time Machine backup. A requirement of the report was to create a timeline of file changes on the system. The image was given to us in a tar.gz at the file system level. This destroys all but the modified time stamps. Regardless, I created a video timeline of the Time Machine backup. This is built using the open source project Gource and the log was created with a basic shell script (also embedded below). A few things of note:

  1. Currently has mixed usefulness. There are many times when there is so much happening that useful info is drowned out. By limiting directory scope it might become more useful. 
  2. Only takes into account last modified times, since that is the only accurate time stamp I have access to. Might be interesting to use this with a mature Time Machine backup.
  3. Files disappear from the tree after not being touched for some time. As files only get touched once (see number 2), files disappear.
  4. Hidden files are not shown as I forgot find * doesn't list them by default.
  5. Most of the time line is prior to install of the OS. The "Some Forensics User" doesn't actually do anything until 1:14:34. At that point so much is happening that #1 above comes into play.
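
As an added example (not the shell script from the original post), here is one way to build the Gource custom log (`timestamp|username|type|file`) from last-modified times while covering notes 1 and 4: it includes hidden files and can be limited to one subdirectory. The function name `build_gource_log`, the user label and the `scope` parameter are assumptions made for this sketch.

```python
import os
import sys
from pathlib import Path


def build_gource_log(root, user="unknown", scope=""):
    """Return Gource custom-log lines (timestamp|user|type|path), oldest first.

    root  -- directory where the image was extracted (read only, never written)
    user  -- label shown in Gource; the extracted files carry no author
    scope -- optional subdirectory of root, to keep the video readable
    """
    root = Path(root)
    entries = []
    # os.walk returns dot-files too, unlike the shell glob in `find *`.
    for dirpath, _dirs, files in os.walk(root / scope, followlinks=False):
        for name in files:
            full = Path(dirpath) / name
            # lstat: take the link's own mtime instead of following it
            # out of the extracted tree.
            mtime = int(os.lstat(full).st_mtime)
            rel = "/" + full.relative_to(root).as_posix()
            # '|' separates fields in the log, so it cannot stay in a path.
            entries.append((mtime, rel.replace("|", "_")))
    entries.sort()  # Gource expects entries in chronological order
    # Only the modified time is available, so every event is recorded as 'M'.
    return [f"{ts}|{user}|M|{path}" for ts, path in entries]


if __name__ == "__main__":
    # usage: script.py EXTRACTED_ROOT [USER_LABEL] [SUBDIRECTORY]
    if len(sys.argv) < 2:
        sys.exit("usage: script.py EXTRACTED_ROOT [USER_LABEL] [SUBDIRECTORY]")
    print("\n".join(build_gource_log(*sys.argv[1:4])))
```

Run it against a read-only mount or a working copy of the extracted tree, redirect the output to a file, and load that file in Gource as a custom log.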


RPi Wireless Headsets [Update 1]

After I got receive audio working through the mumble-ruby library, I moved the code over to the RaspberryPi and it keeled over. Apparently, it isn't fast enough to receive the audio from the mumble channel, convert the Opus packets to PCM, and output to the speakers. I haven't even attempted to push audio back into the channel. I might be able to increase the efficiency of the code a bit, but I don't know how much.


Adding receive audio to mumble-ruby

For my upcoming project, RPi Headset, I needed the ability to pull audio from the current mumble channel and send it to the speaker. The problem is that the Mumble-Ruby library only had support for sending audio to the current channel. I started looking into what it would take to add this feature. I realized that the Opus-Ruby library didn't have support for decoding Opus packets. Two weeks later, I was still banging my head against the problem. In hindsight, I realize that I was trying to diagnose too many problems at once:

  • Trying to work with C and pointers in Ruby
    • When Ruby throws a fatal stack overflow error you know you're doing something silly
  • Learning libopus
    • I don't know how much I can blame on their doc or on my own lack of working with audio libraries before. Probably a bit of both.
  • Learning the Mumble protocol
    • This I will blame on their doc. It is outdated, incomplete, and/or not presented in a very understandable form. (I won't fault the devs for this issue. They aren't the most staffed of FOSS projects.)
Earlier this week, I finally had some useful(ish) audio coming out of my speakers; not great, but recognizable. Yesterday, I stepped into #opus on freenode, and described my problem. Within half an hour, they'd helped me realize that I'd overlooked the fact that the opus_decode function returns a number of shorts, not bytes, contained in the decoded array. Audio then worked great; I cleaned up the code and pushed it up.

[Original Issue]


Captioning foot switch

With the number of captions I have been doing for SparkFun, I started to poke around with dedicated captioning programs. I have pretty much decided on Gnome Subtitles as my caption tool. The play/pause function is bound to the most convenient key of F5. Instead of trying to rebind it to another key on the keyboard, (because, TBH it's probably the best of the available options) I modified the Morse Code Practice Keyer I talked about earlier.

I attached a foot switch to it and programmed the Digispark to act as a keyboard and generate F5 keystrokes.


Morse Code Practice Keyer

After getting my first iambic paddle, I needed something to generate tones for practicing. I had a few parts lying around so I tossed this together.

[Code for Digispark]


Mac and Cheese

Panko is a bit more brown than I normally like.
Still good though :)


  • 1 box Annie's shells and white cheddar
  • 1/4 - 1/2 cup milk (I use skim)
  • 2 Tbsp butter (I use salted... I have to salt Annie's if I don't and salted butter has about the right amount for me)
  • Cheese. It doesn't really matter what type. I've used:
    • Cheddar
    • Mozzarella
    • Colby Jack
    • Provolone
  • Vegetables. I've used:
    • Frozen peas
    • Frozen corn
    • Fresh broccoli
    • Green onions
    • Jalapenos
    • Mushrooms
    • Snow or sugar snap peas
  • Meat. I've
    • Cooked in imitation crab
    • Served with hot dogs
  • Panko


  1. Cook the pasta as directed
  2. While the pasta is draining, make the cheese sauce as directed using 1/4 cup milk and the butter.
  3. Heat up oven to 350 F
  4. Add the extra cheese and heat until melted.
  5. Add more milk to thin it as necessary.
  6. Stir in vegetables and meat (if you're mixing in)
  7. Pour pasta into a 9x9 (ish) baking pan
  8. Pour cheese/vegetable mixture over pasta
  9. Sprinkle panko liberally on top
  10. Bake for 15 minutes
  11. Broil until panko is browned
  12. Serve