Programming courses...
 
Notifications
Clear all

Programming courses geared towards forensics

5 Posts
3 Users
0 Likes
370 Views
(@mcintyre2009)
Posts: 8
Active Member
Topic starter
 

Hey,

I was wondering if anyone had any suggestions for programming courses they may have attended which are more geared towards forensics.

I know about the course that is offered at Cranfield (http//www.cranfield.ac.uk/courses/training/programming-for-digital-forensics.html) and ideally would like to have done that however they only teach it once a year in Janurary /.

Any suggestions would be welcome. I am looking at coming at this from a beginners perspective. I know many will suggest self teaching and whilst that works for some, with programming it always seems to elude me .

Extra info in case you wondered. I have a BSc and MSc in Forensic Computing and have been working as a forensic investigator for the last 7 months.

Many thanks

 
Posted : 21/03/2014 12:54 am
(@dcs1094)
Posts: 146
Estimable Member
 

I'm aware that Control-F run a Python scripting course in the UK, however have not attended

http//www.controlf.net/training/ps1/

 
Posted : 21/03/2014 4:20 am
(@mscotgrove)
Posts: 938
Prominent Member
 

My view of forensics is that very often you want to be able to examine embedded data. ie you may be looking for dates, encoded, and not nice text strings, unallocated areas of a disk, and not just nice neat files.

You therefore need tools and a mind set that can work on making sense out of apparent rubbish. There are many very good Forensic applications, but there is often the case that you want to delve a bit deeper and discover or manipulate something that a standard tool will not recognise.

My first advice is to learn to read Hex dumps - and in particular always think of a number in Hex. 95% of the time a Hex number can make more sense than a decimal number.

Secondly, you want to get to grips with a language that allows low lever data examination and manipulation. Having used C/C++ for years, I see no reason to change. It allows for bit examination and has pointers. Lots of people know it, so help should be available.

I may not be correct, but I feel that programs such as Python may be much quicker to write 'Hello World', but I am not sure you can really map your unknown data to your processing requirements.

Programming is a skill, Forensics is an application so you may better off on a course that you understand and suits you, rather than a specific forensics course.

In this answer I assume you to program to help your forensic examinations, rather than being a full time developer - though my C/C++ suggestion would be the same for both.

 
Posted : 21/03/2014 2:17 pm
(@mcintyre2009)
Posts: 8
Active Member
Topic starter
 

Firstly DCS1094 - Thanks for the link, I'll be sure to check it out.

mscotgrove - Thanks for the extremely well written and detailed reply. I'll just paste a snippet from the Cranfield course as i feel it sums up aptly what i'm trying to achieve

"this includes struct (for interpreting raw data), logging (to ensure that your program maintains an audit trail of results produced), re (for regular expression based searching) and other modules for interpreting data (sqlite3, xml, json). We also cover the subprocess module which can be used to script other command line tools and transfer output from one program to another in order to create your own custom digital forensic workflow"

This is the kind of thing i am looking to do. Without sounding arrogant, i feel pretty comfortable performing/undertaking investigations and reading Hex. What i feel like i'm missing is the ability to move away from commercial tools and use programming to help solve problems with specific file types/ data structures when/if i encounter then.

Furthermore, the use of more higher level languages is used throughout the office, which is why i initially thought C# and Python would be more beneficial. Saying that, i'll certainly take on board what you wrote. Do you know of any well received courses?

Thanks again.

 
Posted : 21/03/2014 11:28 pm
(@mscotgrove)
Posts: 938
Prominent Member
 

Sorry I cannot help you with courses - I started over 30 years ago with Kernigham and Ritchie!

Cranfield have a very good reputation.

 
Posted : 22/03/2014 12:46 am
Share: