Forensic Tools - which OS?

binarybod
(@binarybod)
I have a problem

I can write tools in .NET which is basically a Windows framework (TimeLord is the one that is published but I have others). There is Mono for Linux but it is always playing catch-up. I can write programs in C or C++ which is best implemented in *nix (Linux for most forensic analysts). Cross platform tools are rare, difficult to implement and (especially if it means command line) not used in Windows.

My question is this - if I develop a forensic tool, in what framework would you prefer it? Windows or *nix, and then do you want GUI or cmdline? (GUI = easy*restricted, cmdline = difficult*flexible)

If the majority is for Windows and GUI then I'll start charging for any future applications (because I can), if however, the majority is for *nix and cmdline then I'll develop open source because I want to help catch the bad guys and do my bit for the global good.

I could do a poll but this doesn't gather the kind of thought process that I want from you all.

Oh, by the way, I can write Mac apps but the Mac API is pathetic in a forensic context so I have ignored this (unless of course you know better!).

Paul

 
Posted : 14/10/2010 12:12 am
jaclaz
(@jaclaz)
Actually AFAIK a number of people (at least you can count me ;) ) consider

  • .NET and ALL similar frameworks a huge bloat
  • "pure" C, C+ or C# (the one I call "C dumb") command line tools under windows VERY usable

And quite a lot of pure *nix tools have been ported to Windows 32 bit through MinGW compiling or cygwin .dll's, so I don't think it is such a difficult thing to create command line tools and port them.
And for the GUI enthusiast, there is always the solution of pseudo-GUIs or nice looking wrap-arounds the "real" things (the command line apps).
The command line apps have the distinctive advantage that they are usually easily scriptable, through batch, vbs or python, thus they are IMHO much more useful to a "technically oriented" community.

jaclaz

 
Posted : 14/10/2010 12:21 am
binarybod
(@binarybod)
@jaclaz

Don't you find that cygwin is a bit outdated now that VM's are so easy? I have a custom made Linux forensics machine with shares to all my Windows (host) machine drives and I can therefore use native Linux tools on all my Windows generated files.

MinGW is dead, surely?

Paul

 
Posted : 14/10/2010 12:28 am
 96hz
(@96hz)
My vote is for the free option every time ;)

Is it that .NET GUI based apps are a larger investment in time for yourself, and hence require the need to charge?

I agree with Jaclaz.
Personally I like cmdline tools that do one job. When scripted they can fit nicely into a workflow. GUI apps that perform the same function are indeed bloaty and don't have the same flexibility. When you are talking about an app that performs several jobs and functions then a GUI based app is the only way to go; no one wants to be at the cmd line using 20 switches and 6 arguments.

Btw, thanks for TimeLord. I am using that more and more; a great contribution to the community.

 
Posted : 14/10/2010 2:45 am
(@farmerdude)
You can always develop under QT so that you can have your application on Linux, Windows, or Mac.

Cheers!

farmerdude

www.onlineforensictraining.com

www.forensicbootcd.com

 
Posted : 23/10/2010 9:43 pm
(@a_kuiper)
Use MFC only (statically linked) and, if needed, just implement both: application started without parameters = GUI version, with parameters = cmdline version. If you need to run it under Linux, use Wine…

Cheers :)

 
Posted : 23/10/2010 9:53 pm
(@jonstewart)
@jaclaz
MinGW is dead, surely?

Nope. The new mingw-get installer out there tracks GCC 4.5. I don't know whether there's a difference in the compilers shipped with VS Pro, but I found that MinGW generated considerably faster code than VS Express.

Jon

 
Posted : 23/10/2010 11:23 pm
TuckerHST
(@tuckerhst)
Another vote for the command line. It's very frustrating to work with a GUI that lacks either a batch mode or an easily-parsed output format, and I've wrestled with quite a few.

Btw, if by chance you implement a CSV output, please do us a favor and wrap all non-value strings in double quotes. That way, if there's a string that contains a comma – say, a filename – it doesn't skew the remaining data in that record. I've seen that problem more than once.

/scott

 
Posted : 24/10/2010 4:39 am
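The CSV problem scott describes, shown as an added example that is not from any poster or tool in this thread: a naive comma join lets a filename containing a comma skew the record, while quoting every non-numeric field (and doubling embedded quotes, as RFC 4180 requires) keeps the row parseable even when the filename contains a comma, a double quote or a newline. The records and hash values are constructed placeholders.

```python
import csv
import io

# Constructed sample rows a tool might emit: (filename, size, hash placeholder).
# Each filename is chosen to break naive CSV output in a different way.
RECORDS = [
    ("report, final.docx", 40960, "hash-placeholder-1"),   # embedded comma
    ('notes "draft".txt', 512, "hash-placeholder-2"),      # embedded quote
    ("weird\nname.log", 7, "hash-placeholder-3"),          # embedded newline
]


def naive_csv(rows):
    """The broken approach: join fields with commas and no quoting."""
    return "\n".join(",".join(str(f) for f in row) for row in rows) + "\n"


def quoted_csv(rows):
    """Wrap every non-numeric field in double quotes (csv.QUOTE_NONNUMERIC).
    The writer also doubles any embedded quote, so '"' becomes '""'."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_NONNUMERIC, lineterminator="\n")
    writer.writerows(rows)
    return buf.getvalue()


def field_counts(text):
    """Parse CSV text back and return the number of fields seen in each row."""
    return [len(row) for row in csv.reader(io.StringIO(text))]


def roundtrip(rows):
    """Write rows with quoting, parse them back, return them as string tuples."""
    return [tuple(row) for row in csv.reader(io.StringIO(quoted_csv(rows)))]


if __name__ == "__main__":
    # Naive output: the first row splits into 4 fields instead of 3.
    print(naive_csv(RECORDS), field_counts(naive_csv(RECORDS)))
    # Quoted output: every row parses back to exactly 3 fields.
    print(quoted_csv(RECORDS), field_counts(quoted_csv(RECORDS)))
```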