
Assembly

(@eatondan)
Active Member
Joined: 15 years ago
Posts: 5
Topic starter  

Hi, I am fairly new to computer forensics, but not so much to computers. I have been fiddling with computers for going on 5 years, have run gaming servers, and am on the final stretch of an IT degree. Throughout my education I have picked up quite a few languages, and a few mates have told me that to appropriately appreciate exploits I should learn assembly.

I do not know if this is the correct course, but it seems logical. I can't imagine too many exploits being written in code that isn't exportable across architectures, thus making assembly harder to use as an exploit basis, so I come to the conclusion that most viruses are written in high-level languages. But if attacking a particular system, it seems to make more sense to attack an OS, thus a knowledge of how it works and the language it's built upon seems logical. I am a bit confused and understand that this is not forensics per se, but I think that a good knowledge of all areas of IT is required to actually carry out forensic analysis, which spurs this question. If this topic is sensitive, whimsical or irrelevant I apologise; I am just looking for paths to follow to expand my education.


(@xennith)
Estimable Member
Joined: 15 years ago
Posts: 177
 

Viruses, malware, droppers, worms etc. are written in higher-level languages and compiled for the target platform. Shellcode is written in assembly.

An understanding of assembly is also useful when you're doing either propagation of virus code, crypting, or reverse engineering. Sure, it's great knowledge to have, but it's really not necessary.


(@eatondan)
Active Member
Joined: 15 years ago
Posts: 5
Topic starter  

That makes sense, thank you for the reply


(@Anonymous 6593)
Guest
Joined: 17 years ago
Posts: 1158
 

Throughout my education I have picked up quite a few languages, and a few mates have told me that to appropriately appreciate exploits I should learn assembly.

The main reason is, in my opinion, to get a better understanding of how a CPU (and some supporting chips) operates, and to be able to understand and analyze unknown code from a disassembler or such.

Most exploits are targeted at much higher-level structures, so you won't really understand what is going on unless you also have a very good grasp of OS or service operation and internals, and in some cases even how run-time libraries operate. (For example, hunting the kind of indirections that appear in code produced by a compiler for an object-oriented language is not helped very much by knowledge of assembler.)

That is, don't overestimate the importance of assembler knowledge. I'd say that a properly educated computer forensic investigator should have a decent knowledge of assembler language (which includes its dialects) for at least the Intel range of processors. However, I regard that knowledge as education, and not as training.

I am a bit confused and understand that this is not forensics per se …

Perhaps I should expand a little on my last statement.

I forget who it was who pointed out that forensic pathologists are typically medical doctors/physicians in the first place, and often researchers in the second (i.e. they have post-graduate studies, and not improbably a degree of some kind), and only on top of that does their forensic specialization come, and argued that that educational structure is not obviously matched in the field of computer forensics.

If computer forensics should be considered one of the forensic sciences, it probably needs its practitioners to have a comparably broad and general education in the IT field, as well as the specialized training that goes with forensics in general and computer-related forensics in particular.

I'd say knowledge of assembler language comes in the 'general IT education area'.

That is, I think you are spot on … provided you are going for an education, and not just for training.


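Added example, not code from any poster in this thread: a small Python subset disassembler for 32-bit x86 that puts two of the points above into something you can run. xennith's point that shellcode is hand-written in assembly while the rest of a sample is compiled, and the later point about being able to read unknown code coming out of a disassembler. It decodes only the handful of opcodes listed in decode_one() and refuses anything else; the byte strings it works on are constructed for the example and do nothing useful. The find_bad_bytes() helper shows the practical reason the two worlds differ: the compiler-style encoding of "put 42 in eax" (b8 2a 00 00 00) carries three zero bytes, and a zero byte terminates a C string, so shellcode that travels through a string copy is written instead as xor eax, eax; mov al, 0x2a, which has none.

```python
"""Subset disassembler for 32-bit x86, written as an illustration for
this thread (not code from any poster). Only the opcodes handled in
decode_one() are understood; anything else raises ValueError, which is
the honest answer a real tool also has to give for bytes it cannot
classify."""
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]


def _imm(code: bytes, off: int, fmt: str) -> int:
    """Read a little-endian immediate of struct format fmt at code[off]."""
    size = struct.calcsize(fmt)
    if off + size > len(code):
        raise ValueError(f"truncated instruction at offset {off}")
    return struct.unpack_from(fmt, code, off)[0]


def decode_one(code: bytes, off: int):
    """Decode one instruction at code[off:]; returns (length, text)."""
    op = code[off]
    if op == 0x90:
        return 1, "nop"
    if op == 0xC3:
        return 1, "ret"
    if op == 0xCC:
        return 1, "int3"
    if op == 0xCD:                                   # int imm8
        return 2, f"int 0x{_imm(code, off + 1, '<B'):02x}"
    if op == 0x0F and _imm(code, off + 1, '<B') == 0x05:
        return 2, "syscall"
    if 0x50 <= op <= 0x57:                           # push r32
        return 1, f"push {REG32[op - 0x50]}"
    if 0x58 <= op <= 0x5F:                           # pop r32
        return 1, f"pop {REG32[op - 0x58]}"
    if 0xB0 <= op <= 0xB7:                           # mov r8, imm8
        return 2, f"mov {REG8[op - 0xB0]}, 0x{_imm(code, off + 1, '<B'):x}"
    if 0xB8 <= op <= 0xBF:                           # mov r32, imm32
        return 5, f"mov {REG32[op - 0xB8]}, 0x{_imm(code, off + 1, '<I'):x}"
    if op == 0x68:                                   # push imm32
        return 5, f"push 0x{_imm(code, off + 1, '<I'):x}"
    if op == 0x6A:                                   # push imm8
        return 2, f"push 0x{_imm(code, off + 1, '<B'):x}"
    if op in (0x31, 0x89):                           # xor / mov r/m32, r32
        modrm = _imm(code, off + 1, '<B')
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if mod != 3:                                 # memory forms not handled
            raise ValueError(f"memory operand at offset {off} not supported")
        mnem = "xor" if op == 0x31 else "mov"
        return 2, f"{mnem} {REG32[rm]}, {REG32[reg]}"
    if op == 0xEB:                                   # jmp rel8 (target = next + rel)
        rel = _imm(code, off + 1, '<b')
        return 2, f"jmp 0x{(off + 2 + rel) & 0xFFFFFFFF:x}"
    if op == 0xE8:                                   # call rel32
        rel = _imm(code, off + 1, '<i')
        return 5, f"call 0x{(off + 5 + rel) & 0xFFFFFFFF:x}"
    raise ValueError(f"unsupported opcode 0x{op:02x} at offset {off}")


def disassemble(code: bytes):
    """Linear-sweep disassembly: list of (offset, hex bytes, text)."""
    listing, off = [], 0
    while off < len(code):
        length, text = decode_one(code, off)
        listing.append((off, code[off:off + length].hex(), text))
        off += length
    return listing


def find_bad_bytes(code: bytes, bad: bytes = b"\x00") -> list:
    """Offsets of bytes the delivery path cannot carry. The default, 0x00,
    terminates a C string, so shellcode copied by strcpy-style code must
    avoid it; that constraint is why it is written by hand in assembly."""
    return [i for i, b in enumerate(code) if b in bad]


# Constructed sample bytes for the example (they do nothing useful):
COMPILER_STYLE = bytes.fromhex("b82a000000")    # mov eax, 0x2a  (has nulls)
SHELLCODE_STYLE = bytes.fromhex("31c0b02a")     # xor eax, eax ; mov al, 0x2a
SAMPLE = bytes.fromhex("31c0b82a000000505b89c390c3")


if __name__ == "__main__":
    for off, raw, text in disassemble(SAMPLE):
        print(f"{off:04x}  {raw:<12} {text}")
    print("null bytes in compiler-style form:", find_bad_bytes(COMPILER_STYLE))
    print("null bytes in shellcode-style form:", find_bad_bytes(SHELLCODE_STYLE))
```

Running it on SAMPLE prints the seven instructions in order; the two trailing lines show offsets 2, 3 and 4 flagged in the compiler-style encoding and nothing flagged in the hand-written one. Feed it a byte outside the subset (0xFF, for instance) and it stops with ValueError rather than guessing, which is also the behaviour you want from a tool used on evidence.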