Posts Tagged OS X
This article will walk you through installing GIMP on OS X with an ELA (Error Level Analysis) plugin to detect editing.
To learn more about reading ELA results, read this:
First, download GIMP from here: https://www.gimp.org/downloads/
Next, grab elsamuko-error-level-analysis.scm from the bottom of this page: https://sites.google.com/site/elsamuko/forensics/ela – Save it for later.
After downloading this .scm file, open it in your favorite text editor and locate the following line:
SF-STRING "Temporary File Name" "error-level-analysis-tmp.jpg"
Change it to the following:
SF-STRING "Temporary File Name" "/tmp/error-level-analysis-tmp.jpg"
And save the file. This fixes an issue with images not being able to be processed as the default location is not writable by GIMP.
Now double-click the GIMP .dmg file you downloaded, and copy GIMP to your Applications folder as shown:
Once you have it copied over, you will want to open the package contents by alt-clicking and selecting “Show Package Contents“.
From here, navigate to Contents > Resources > share > gimp > 2.0 > scripts and drop in the elsamuko-error-level-analysis.scm file you download earlier.
Now, run GIMP. Because of security-related things and stuff, the first time you run you will have to alt-click on GIMP and select Open. After doing this for the first time, you won’t have to do it again.
GIMP will appear to freeze for about 5 minutes while it builds its initial caches. This will cause GIMP to appear unresponsive. Do not force-kill it during this time, simply be patient until it opens.
Now, you can perform ELA on an image by opening it, and selecting Image > Error Level Analysis from the menu.
Once you’ve done that, running it against an image will produce an ELA mask as an additional layer, which you can use to analyze an image.
You can toggle the ELA layer visibility by clicking the eye shown in the following screenshot.
(Sample image from http://fotoforensics.com/tutorial-ela.php, retrieved April 11th, 2016)
So today I was going through my Synology NAS and noticed .DS_Store files all over the place.
These are actually files containing extended attributes created by Finder in Mac OS X. But, since they get written out to network locations, they can cause backup and versionining issues.
To disable them from being created on network locations, open a Terminal and run the following
defaults write com.apple.desktopservices DSDontWriteNetworkStores true
(Note: This only affects the currently-logged-in user)
Now in my case, I had these files all over my Synology NAS, so I was able to easily get rid of them by SSHing into the box and running the following:
find / -name .DS_Store -delete
wget is a really handy command line utility, but unfortunately not included in OS X. Curl could be a suitable replacement, but frequently scripts are written with wget, and it can be difficult and time-consuming to convert them to using curl.
Users interested in installing wget should first install Homebrew and then run:
brew install wget
This will install wget from Homebrew.
The below steps are deprecated and likely no longer work at all:
Below are the steps required to install a working wget on Mac OS X. This has been tested on OS X 10.6 Lion.
Install XCode from http://itunes.apple.com/us/app/xcode/id497799835?ls=1&mt=12 (at this time, it’s a 1.5GB download.)
Launch XCode, updating if necessary.
Go to Preferences > Downloads, and install Command Line Tools
Now open a terminal and perform the following steps at the command line one at a time to download, extract, configure, compile, and install wget:
curl -O http://ftp.gnu.org/gnu/wget/wget-1.14.tar.gz tar xvzf wget-1.14.tar.gz cd wget-1.14 ./configure --with-ssl=openssl make sudo make install
You should now have a working wget installed in /usr/local/bin. Confirm by trying
$ wget wget: missing URL Usage: wget [OPTION]... [URL]... Try `wget --help' for more options.
Feel free to comment below. Thanks!
2/7/2016: I got an email from someone who says this no longer works and gives the following message:
configure: error: –with-ssl=openssl was given, but SSL is not available.
If anyone has advice, please contact me. Thanks!