Question: forensic oriented scripting or programming courses
I was just wondering if anyone knew of any forensically centered programming or scripting courses out there?
I realize there are a lot of places to study Python, Perl, Bash, PowerShell, etc. But I was wondering if anyone knew of any places that might be offering these courses in a format specifically oriented toward forensics.
Just to point out the obvious, as you never know: Guidance run a course on the EnScript language, which is used in EnCase. It is based on C.
Also, Violent Python is a pretty cool book for examples of how to use Python to do forensic-y stuff.
….forensically centered programming…
…these courses in a format specifically oriented toward forensics.
Honestly, I'm not sure what either of those statements mean.
Programming is a tool, and you can make it do anything you want. The only difference between someone writing games and someone writing to solve a problem in the DFIR area is the goal, and what they hope to achieve.
The only difference between someone writing games and someone writing to solve a problem in the DFIR area is the goal, and what they hope to achieve.
Sure ;) EnCase scripts (but also PERL) are very popular among game programmers, and as you may well know, the debate about DirectX vs. OpenGL has been a key one among forensic programmers for years. ;)
Champlain College offers a Scripting for Digital Forensics class in their online masters program curriculum.
Champlain needs to do a lot of work on that course before I would ever recommend anyone take it.
I would suggest that a lot of forensics is involved with dealing with raw data structures. For this I suggest you look very closely at the 'C' based languages, in particular C and C++. They handle structures, bits and pointers very easily.
I once tried to do something similar with PHP and was immediately VERY frustrated.
In some respects, the best language is one you can understand and know. C will let you do anything, but at the same time this can mean it will not protect you from some silly mistakes. After 31 years with C (C++) I have no intention of changing, but I am sure others will have different views.
Another big choice you need to investigate is a development environment. Again, after 20 years of Visual Studio, I have no intention of changing, though I prefer 2010 to 2012.
When programming, THINK in hex, not decimal. 99% of the time it is a better way of describing most numbers.
Programming is a tool; forensics produces problems you want to solve/analyse.
I would hesitate to recommend any language over any other, really.
I mentioned EnScript as it is built into EnCase, but then XRY uses Python so that could be a good choice, too. And I personally enjoyed Violent Python, which is why I thought that might be a good resource.
But I guess that any programming language should, once you are proficient enough, one day be able to assist you with an examination or investigation in some manner. So maybe the best advice is to try a few different languages and see which one you like best?
Of course, while being careful NOT to shoot one's foot ;)
You shoot yourself in the foot and then brag for hours about how much more elegantly you did it than if you had been using C or (God forbid) Perl.
You create a gun module, a gun class, a foot module, and a foot class. After realizing you can't point the gun at the foot, you pass a reference to the gun to a foot object. After the foot is blown up, the gun object remains alive for eternity, ready to shoot all future feet that may happen to appear.