Developing App with E01 support.

(@forensicitderby)
Posts: 18
Active Member
Topic starter
 

Hi,

For my master's degree, I'm wanting to create an application which incorporates the ability to read and write E01 files and then do other forensic-y things for an educational purpose.

I'm wanting to achieve this E01 file creation using a library with either Python, Java or C#.

LIBEWF is something I have come across online. But there doesn't seem to be much support or documents on its usage with Java/C# etc.

I have some development experience.

Where would one start with trying to incorporate features for the above?

A student would create a custom E01 file with their own images, documents, files etc using my application. The app would then generate examination questions regarding the content on the E01 file they created.

Example: "What is the MD5 hash of the jpg file X?"

Thanks

 
Posted : 15/10/2015 9:51 pm
(@randomaccess)
Posts: 385
Reputable Member
 

http://www.hecfblog.com/ David has a blog series detailing how to create a basic forensic program using Python that might be a good starting point for you.

 
Posted : 16/10/2015 3:19 am
(@forensicitderby)
Posts: 18
Active Member
Topic starter
 

Looks good, thank you!

Do you know of any C# implementations?

 
Posted : 16/10/2015 3:47 am
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

To be honest, once you've imported the DLL into either a C#/Java program or Python script, you can use any of the tutorials as the exported functions will be the same and only need minor alteration.

Importing DLL in Java
http://stackoverflow.com/questions/25454697/how-to-call-a-method-in-dll-in-a-java-program

And C#
http://stackoverflow.com/questions/5010957/call-function-from-dll

Another one for Python, but just for the LIBEWF part of opening and reading file system
http://www.hecfblog.com/2015/02/automating-dfir-how-to-series-on_59.html

I take it familiarity with these languages is the reason you have discounted using C? If you are using C/C++ you can use the libewf.h rather than linking to DLL.

 
Posted : 16/10/2015 11:57 am
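
The DLL-import approach described in the post above, as an added example that is not part of the original thread or libewf's own code: a C# P/Invoke wrapper that opens an image read-only and hashes its media data. It assumes a libewf DLL matching the process bitness is on the DLL search path and that the image is a single .E01 segment; the class and method names are illustrative.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;

static class Ewf   // hypothetical wrapper name, not part of libewf
{
    const string Dll = "libewf";   // assumption: resolves to libewf.dll on Windows
    const int AccessRead = 0x01;   // LIBEWF_ACCESS_FLAG_READ in libewf's headers

    [DllImport(Dll, CallingConvention = CallingConvention.Cdecl)]
    static extern int libewf_handle_initialize(ref IntPtr handle, IntPtr error);
    [DllImport(Dll, CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Ansi)]
    static extern int libewf_handle_open(IntPtr handle, string[] filenames, int count, int flags, IntPtr error);
    [DllImport(Dll, CallingConvention = CallingConvention.Cdecl)]
    static extern IntPtr libewf_handle_read_buffer(IntPtr handle, byte[] buffer, UIntPtr size, IntPtr error);
    [DllImport(Dll, CallingConvention = CallingConvention.Cdecl)]
    static extern int libewf_handle_close(IntPtr handle, IntPtr error);
    [DllImport(Dll, CallingConvention = CallingConvention.Cdecl)]
    static extern int libewf_handle_free(ref IntPtr handle, IntPtr error);

    // Streams the media data stored in the image and returns its MD5 as lowercase hex.
    public static string MediaMd5(string firstSegment)
    {
        IntPtr h = IntPtr.Zero;    // libewf expects a NULL handle on entry
        if (libewf_handle_initialize(ref h, IntPtr.Zero) != 1)
            throw new InvalidOperationException("libewf_handle_initialize failed");
        try
        {
            // Read-only access: evidence is never opened writable just to inspect it.
            if (libewf_handle_open(h, new[] { firstSegment }, 1, AccessRead, IntPtr.Zero) != 1)
                throw new InvalidOperationException("libewf_handle_open failed");
            using (var md5 = MD5.Create())
            {
                var buf = new byte[1 << 20];
                long n;
                while ((n = libewf_handle_read_buffer(h, buf, new UIntPtr((uint)buf.Length), IntPtr.Zero).ToInt64()) > 0)
                    md5.TransformBlock(buf, 0, (int)n, null, 0);
                if (n < 0) throw new InvalidOperationException("libewf_handle_read_buffer failed");
                md5.TransformFinalBlock(buf, 0, 0);
                libewf_handle_close(h, IntPtr.Zero);
                return BitConverter.ToString(md5.Hash).Replace("-", "").ToLowerInvariant();
            }
        }
        finally { libewf_handle_free(ref h, IntPtr.Zero); }
    }

    static void Main(string[] args) => Console.WriteLine(MediaMd5(args[0]));
}
```

The hash returned covers the whole media stream, so it can be compared against the acquisition hash recorded for the image; hashing an individual file inside the image additionally needs a file system parser on top of this.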
(@forensicitderby)
Posts: 18
Active Member
Topic starter
 

For my undergraduate project last year I took it upon myself to develop a social media capture tool in C#. This was my first proper software development project. It was successful and had many output file types, this is despite having limited experience with programming in general prior to doing it.

With C# or Java, I don't have to worry about memory management unlike with C / C++.

Also with C# I can put a nice GUI to it with ease.

Do you not have to compile LIBEWF before using it with C#?

- Obviously I need to go look into it further.

 
Posted : 16/10/2015 2:17 pm
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

You can probably download the compiled DLL from the site. If not you can compile it yourself quite easily.
It will then work with any language that allows you to import DLLs.

 
Posted : 16/10/2015 2:39 pm
(@mscotgrove)
Posts: 938
Prominent Member
 

Learn C/C++. In the long run it will be worth it.

You will then be in control of memory, and can use pointers, and even pointers to pointers to pointers!

 
Posted : 16/10/2015 4:16 pm
(@forensicitderby)
Posts: 18
Active Member
Topic starter
 

I'm dedicating about 12 weeks to the project.

I really would like to learn it but I don't have the time to go find fixes when things do not go to plan.

Unless you can recommend some books/resources to start with?

 
Posted : 16/10/2015 4:25 pm