Programming and Forensics?

Vesalius
(@vesalius)
Posts: 66
Estimable Member
Topic starter
 

So I'm a Digital Forensic Examiner, I deal specifically with mobile phone exploitation. It's a part-time job of mine, and at the same time I go to my college and study programming.

I was wondering, since I've chosen Forensics as a career and I'm pretty much new to it, what programming language would I make use of, or which paths of programming could I take that could become a future asset to my organization as a whole?

What types of scripts, coding, software development ideas should I learn to increase my chances of getting better extractions etc.?

Where should I begin? I'm pretty good with Java and C++, but how could I make use of these?

Would shifting towards Python be better? I heard cURL is good open source software, but I'm currently not sure if it will be any good. Does anyone here have any input on that? Could cURL become something of use to me in my exploitation?

Some tips and advice would be nice from you pros :)

 
Posted : 10/10/2016 11:50 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

In digital forensics, absolutely the most important is Python. Do it right, don't start too many suites/languages. If you really will hang in, go for C#.

Besides, it's helpful if you are strong in either iOS dev (99 bucks/y) or Android Studio.

If you tend to become a freak - Swift (Apple) is a dream to code and has a huge future potential.

 
Posted : 11/10/2016 12:00 am
Vesalius
(@vesalius)
Posts: 66
Estimable Member
Topic starter
 

> In digital forensics, absolutely the most important is Python. Do it right, don't start too many suites/languages. If you really will hang in, go for C#.
>
> Besides, it's helpful if you are strong in either iOS dev (99 bucks/y) or Android Studio.
>
> If you tend to become a freak - Swift (Apple) is a dream to code and has a huge future potential.

Very interesting, so I just started this semester at Uni, and the first software we used is Android Studio, C# we learn too!

But regarding iOS, what is there to learn on that? Would you recommend Objective C?
Because we all know Apple products are a pain in the a*s when it comes to digital forensics, how do you see becoming an Apple dev useful? Specifics would be great :)

 
Posted : 11/10/2016 12:08 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Fully agree on the Apple pain on iOS core layer security (secure enclave, secure element, Touch ID, PassCode).

As our dependence on strong forensic suites is obvious, the risk is to lose the 'understanding' of what the suite does. So the better you understand iOS (not necessary to learn Cocoa e.g.), the better you can lead your tools. It's crucial to master the tools, do not trust them, master them.

As Mobile Payment and Location Based Services have been on the market for years but are becoming more and more real, you could also start coding with watchOS 3.0. There you have the mix of security, sensors and mobile. Let's say you can code a watchApp based on location and security, you get the full picture of keychain, iCloud and wireless connectivity like BT 4.0 LE.

It all depends on your passion in coding. Do you want to be a top examiner? Code is Key.
Do you want to be a fast first responder? Cross-functional-device FastAnalysis makes you speedy.

Top of all Mobile Broadband Forensics, www.3gpp.org the place to be.

 
Posted : 11/10/2016 1:19 am
MDCR
(@mdcr)
Posts: 376
Reputable Member
 

Learn a language that allows you to write tools so you won't be dependent on purchasing expensive tools that also can be limited in functionality, forcing you to buy more tools.

Python can be good - and it can also be limiting. You're not going to write WMI/SMART parsing tools in Python.

 
Posted : 11/10/2016 2:54 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Agree on Python limitations. In which language do you write Windows Management Instrumentation WMI PowerShell/Core 6.0.0 scripts?

 
Posted : 11/10/2016 7:23 pm
(@woany)
Posts: 28
Eminent Member
 

#TLDR

Just become a good programmer. Once you are a good programmer you can pick up other languages easily enough.

It is far better to learn low level fundamentals/basics (memory management, understanding data types, pointers etc) in languages such as assembly, C, C++ and then move to higher level languages, rather than the other way around.

If I want to write a server for analysing large amounts of data or a web UI, then I use golang
If I want to write a nice UI for Windows I use C#
If I want to do some easy processing then I use python (well actually I use golang for this now as well)

- woany
http://github.com/woanware

 
Posted : 12/10/2016 1:14 pm
MDCR
(@mdcr)
Posts: 376
Reputable Member
 

> Agree on Python limitations. In which language do you write Windows Management Instrumentation WMI PowerShell/Core 6.0.0 scripts?

Any new .NET language, that means VB.NET and C#. C++ could possibly be used, but I refrain from using that when C# exists. A program to get the serial number from different devices using WMI can be written in a few lines of code. IIRC you use SQL to query the WMI and you get back something that may or may not be readable; sometimes it's hex-encoded and you have to convert it to text before you can make sense of it.

Here is an example I googled quickly, it's for VB.NET, it's basically the same function calls for C#, but with C# notation:
wmi-to-get-hdd-serial-number

 
Posted : 12/10/2016 11:17 pm
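
The hex-to-text conversion described in the post above, as an added Python example that is not part of the thread: it post-processes SerialNumber strings already exported from a WMI query (the query itself is not shown). The sample values are constructed, and the optional byte-pair swap is an assumption about how some drivers report ATA serials, not something stated in the post.

```python
import string

# Characters expected in a drive serial once decoded (assumption for this example).
_SERIAL_CHARS = set(string.ascii_letters + string.digits + " -_.")


def decode_wmi_serial(raw, swap_pairs=False):
    """Return readable text for a SerialNumber string exported from WMI.

    Plain serials are returned unchanged (trimmed). A value made only of hex
    digit pairs is decoded, but only accepted if every decoded byte is a
    plausible serial character; otherwise the original value is kept.
    swap_pairs=True also undoes adjacent-byte swapping (assumption: some
    drivers pass through the ATA word order).
    """
    value = raw.strip()
    looks_hex = (
        len(value) >= 2
        and len(value) % 2 == 0
        and all(c in string.hexdigits for c in value)
    )
    if not looks_hex:
        return value

    text = bytes.fromhex(value).decode("latin-1")
    if not all(c in _SERIAL_CHARS for c in text):
        return value  # hex-looking, but not encoded text: keep as reported

    if swap_pairs:
        chars = list(text)
        for i in range(0, len(chars) - 1, 2):
            chars[i], chars[i + 1] = chars[i + 1], chars[i]
        text = "".join(chars)
    return text.strip()


# Constructed sample values, not taken from a real device.
SAMPLES = [
    ("WD-WCAV12345678", False),        # already readable
    ("2020533144354e534146", False),   # hex of "  S1D5NSAF"
    ("31533544534e4641", True),        # hex of "1S5DSNFA" (pairs swapped)
    ("12345678", False),               # hex digits only, but not text
]

if __name__ == "__main__":
    for raw, swap in SAMPLES:
        # Keep the raw value next to the decoded one in case notes.
        print(f"{raw!r} -> {decode_wmi_serial(raw, swap)!r}")
```

A serial that consists only of hex digits and also decodes to printable characters is ambiguous, so record the raw value alongside the decoded one.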
mokosiy
(@mokosiy)
Posts: 54
Trusted Member
 

The way I see the forensic market - Python + Bash/PowerShell would be completely enough to feel good and efficient.

 
Posted : 13/10/2016 12:37 pm
Chris_Ed
(@chris_ed)
Posts: 314
Reputable Member
 

> If I want to do some easy processing then I use python (well actually I use golang for this now as well)

Interesting. I've not looked at golang at all, which I keep meaning to fix. What is it about it that you are starting to prefer over Python?

 
Posted : 13/10/2016 1:08 pm