When interviewing for positions over the years I have always placed a premium on someone who can code based on the premise that if you can program then you are more likely to understand what a programmer might be thinking when encoding a particular structure.
I have always been surprised at the relatively few members of the community who do code, but also accept that my interpretation may be skewed by the circle I move in, so thought I would ask the question formally - so how many of you code? and at what level?
Just for clarification, I would not class those of you who have done some programming at Uni (for the sake of this poll, although not denigrating them either) but I am interested in those who code as part of their job. I am also interested in you if you have a good understanding of code be that enscripts, C++ and perl etc., i.e. you know what inheritance and polymorphism are and can recognise their use when you see it in source code
Could you elaborate on the term forensic programmer. I think you're either a computer programmer with or without knowledge of computer forensics; option A. Or a computer forensic investigator with, some level of, or with-out knowledge of programming; most of the other options. I think it mainly depends on what your main occupation is; programming or investigating.
When interviewing for positions over the years I have always placed a premium on someone who can code based on the premise that if you can program then you are more likely to understand what a programmer might be thinking when encoding a particular structure.
Personally I find knowledge of programming very helpful in low-level research and investigative work. Being able to code is very helpful in automating repetitive tasks. But I find that knowledge of a programming language is just a small part of it. When you get past the languages; I find programming is not much about coding but more of a way of both abstract and pragmatic thinking about solutions to problems (challenges); data structures, patterns, etc.
I have always been surprised at the relatively few members of the community who do code, but also accept that my interpretation may be skewed by the circle I move in, so thought I would ask the question formally - so how many of you code? and at what level?
With level do you mean the programming language generation ?
I prefer to code in natural language although I have not yet found a compiler for it 😉
So the programming language I use depends on the goal I have with the program.
For a quick and dirty solution with a limited purpose, I prefer a high-level script language.
* bash/sed/awk or Perl good for log and text analysis;
* Python or Ruby good for somewhat more complex scripts; e.g. webpage retrieval.
Larger projects, depend on the scale and interoperability. In general I find C a good language to do most tasks; it is highly flexible and allows for low-level tricks to push performance to the max. Although some will find several aspects of the C language challenging. When a higher level language like C++, C# or Java is needed, C can be wrapped in it.
And in a few very rare situations I use Assembler or opcode.
I am also interested in you if you have a good understanding of code be that enscripts, C++ and perl etc., i.e. you know what inheritance and polymorphism are and can recognise their use when you see it in source code
Although EnScripts help to automatic tasks they are limited by the capabilities of EnCase; and I also do not like the vendor lock-in. I also want to use most of my programs cross platform.
Depends on what you mean by good understanding of code.
To give you an example I know how to read Perl, but I also know coders that can write Perl that is impossible to read. Also a good knowledge of C++ is pretty vague does your inquiry include STL, boost, template programming, compiler specific C++?
I'm familiar with the concepts inheritance and polymorphism. But you might have thrown in a bit more challenging concepts as well e.g. patterns, reflection/introspection, code generation, AOP, MDA, SOA, SIMD 😉
Joachim
Joachim
OK you have proven you know something about programming - but you have gone way beyond both the meaning and spirit of the question. I simply want to get a feel for how many of us code. Lets not over complicate things.
Joachim
OK you have proven you know something about programming - but you have gone way beyond both the meaning and spirit of the question. I simply want to get a feel for how many of us code.
FYI I mainly just replied to your questions.
BTW in light of this forum actually I haven't proven anything 😉
Lets not over complicate things.
KISS that's commonly used concept in programming, isn't it 😉
FYI I mainly just replied to your questions.
OK i see what you mean - my post was meant to flesh out the short poll question line, but I see why you responded in depth - not what I was after but I guess I need to be more specific next time )
I write fairly simple tools when I'm bored.
I voted for 'very proficient at reading code', although I think the truth is somewhere between there and 'struggle to understand code'. Obviously I'm better at reading some languages, because yes I did code at uni but have done little more than some MS Access/Excel VBA and HTML since then.
First of all, I would agree with joachimm in that there is no such thing as "forensic programmer". As joachimm said, there is only a "computer programmer with or without knowledge of computer forensics".
Which, again, is not exactly correct, as there are no real requirements imposed by digital forensic science that a computer programmer with knowledge of software engineering principles would not have already accounted for in his/her design and code.
Also, there is no such thing as a person who can only "read" a piece of code and understand it properly, with anything approaching credibility, if they are not actually able to write code. You can understand bits of it, but not necessarily how it all fits together, or whether what you understand is what really is there.
To be honest and with no intention of starting a flamewar (that goes to everybody), sandy771, when I first started in DF, I was frankly amazed and flabbergasted when I found out that one could be a DF person without any coding (or software engineering, for that matter) skills.
Now, I wouldn't totally dismiss people who learned programming in Uni. This is too broad a generalisation. I, personally, would take them into some account. You'll find its amazing how much coding some universities get students to do (1st assignment of 1st year BSc Computing students in the University of Crete, Greece "Write a compiler in the C programming language", delivery in 1 week, with the rest of the BSc going the same way). The point, here, is You don't know and can't predict how much or little coding Uni students have done. So don't take them out of the equation.
Likewise for those who code for a living. They may or may not have good coding skills and, unless they're open-source programmers and have code out there or have published code on SourceForge or any other open repo, you don't know what they know.
Also, polymorphism and encapsulation are both nice and dandy, but so is inheritance and so is abstraction and all of them are used in Object-Oriented Programming and Design. I would place much more value in a person knowing what "coupling" and "cohesion" mean in OOD, for one thing, and what the OOP & OOD principles are, for another. MUCH better indicator of someone knowing Object-Oriented design and programming. Hint An even BETTER indicator would be if they knew Software Engineering and at least 2 of the s/w eng. models out there.
And, as for C++, its fun (in a rather S&M way, if one dares read Stroustrup's book even for a laugh) if you're into OOP and not into Java/C#/.NET/Mono, but google "torvalds on C++" and read Torvalds's comments on C++ which are actually both funny as hell and amazingly logical. Anyway, I've strayed off my point, which is this Why C++ and OOP specifically?
A little advice OOP is nice and easy because ALL you do is link methods from X amounts of libraries to form a program, but ALL you end up doing is linking methods from libraries which are available to you through interfaces which are open, which are linked to classes & methods which are closed. So, how do you know what they really do/are doing, under the hood? And to those who go "Why should we care?", my reply is, as DF people, why should you _not_ care?
My apologies if what I said seems nasty/provocative/flame-bate-ish, I did not mean them to be anything of the sort.
Thanks for the advice!!
Personally I have been writing code to access disk/tape images and reverse engineering file systems and file formats in a full time forensics role for over 17 years now - despite what you may think, I think that makes me a forensic programmer, i.e. a programmer with a very good knowledge of file/filesystem and hardware/image access techniques and whos programming time is spent almost exclusively in this field. As opposed to someone who can code a web page, query a database or write a word processor - the skill set is different, not everyone can look at a hex dump and work out what it means.
The requirements when writing an app for release (as opposed to a quick and dirty script to help with a particular problem) also mean that you need an understanding of what an end user (an investigator) needs and dont just write what you think they need (and there are lots of examples where this has been done). I would argue that in general the person best equipped to do this is someone who has some experience of doing an investigation. This doesn't mean that someone with no forensics experience couldnt write good forensics software.
The option re "reading code" covers those that learnt in uni (or elsewhere) but dont code in their day to day job - which is sort of implied by the rest of the questions. There are plenty of people I know who havent coded for a long time, or maybe never programmed outside of academia, but can read a bit of asp or java script and work out what it is doing - I have had some extremely well respected forensics bods working for me who fall into this camp. The poll in general is not aimed at them.
Anyway the question, as I stated above, was just intended to get a feel for how many of us program - Over 800 views and less than 40 responses leads me to think that, as I thought, the majority of us dont.
Of course there are a huge number of non coders out there who are very capabale and well respected forensic investigators - I just had an idle interest into how many of us fall into both camps - sort of regret asking the question now )
Right back to writing some forensic code - gotta make my living.
I've not answered - not really being a Forensic practicioner, however there are two points of interest - (1) being able to program, at _some_ level is useful in nearly all aspects of IT, and we have to remember that interpreted languages such as Office VB/Macros/Shell Scripts are, strictly speaking, programming (2) OO and programing are not the same thing - I can program, reasonably proficently, but only in non-OO languages ( or only using the non-OO features of languages ) and, in the main, I find this all that is required. I've tried to learn OO, but I always get bored, find that I actually need to _do_ something in a language and take the path of least resistance !
The ability to read code is a different thing for me, I can read ( just ) code in most languages to a certain extent, although I wouldn't necessarily pick up more than the gist of it ( much as I can read most European languages from slightly better knowledge of three of them ). An interesting side topic would be Which language could you learn that would be most beneficial in reading, at least at a superficial level other languages ? ( I would, incidentally suggest C and French depending on which you are talking about ).
There is another interesting consideration that you might like to think about at an _interview_ level, which is how much understanding does a candidate have of the concept of algorithms and working through the options - one of my university interview questions for a CompSci degree was I have a shuffled pack of cards, how could I sort them ? To me, logic is more important than skill, especially where the skill isn't a key component of the job. Similarly - nowadays we ask candidates to explain PKI, not the mathematical algorithms ( not that it always helps some of them ! ). Similarly, experience of a given methodology ( Agile, Scrum etc. ) might have more value in some scenarios.
As an aside, a friend of mine hires for a major investment bank, where he is a senior programmer - and he doesn't ask _any_ programming questions at his interviews - just logic puzzles to see if they can cope with the academic demands of the job.