Hi All
I am interested to hear the opinions on what the 'best' programming language would be for a newbie to use in computer forensics. Any advice is appreciated.
Regards
Ivan
Hi Ivan,
Not really a question of what is best but what is most suitable.
However python is a good starting point and a powerful tool which can be used for a wide range of applications.
http//
Is a good place to start.
-Bluebird
Thanks for the advice! much appreciated! -D
To be fair and picky, as I happen to be, (and not taking anything away from Python, that remains an excellent - if not the best - choice) that would be a scripting language much more than a programming language.
Or - even more exactly - it is (usually) an interpreted (as opposed to compiled) language.
As a matter of fact its nature of scripting/interpreted language allows for a much wider portability across platforms and - even more than that - allows for easy customization/adaptation/changes/whatever to existing scripts.
jaclaz
I am interested to hear the opinions on what the 'best' programming language would be for a newbie to use in computer forensics. Any advice is appreciated.
A language that gives you access to system-level interfaces (APIs) on the platform you plan to specialize in.
I'm going to guess Windows, so that means C++ or C#, and just possibly environments such as Delphi. If it's compiled, so much the better, but it's not a must.
If you're not able to call system API functions directly, I'd say the language might be interesting, but it won't help you understand the OS platform. Which is what you've got to know, more or less.
And in case you wonder, I'm not considering how quickly you will be able to whip up a piece of code, but what kind of understanding you will get about the platform by using the language. Languages such as Python or Java hide the OS platform in order to be easily portable – that's useful from one point of view, but useless from the viewpoint I'm taking in this answer.
Assembly, specific to the CPU family you are targeting.
An alternative solution is, as mentioned, Python.
There are several factors to consider, depending on what you intend to accomplish. You've gotten advice thus far about Python, C++, assembly language, each of which has different characteristics and may be appropriate for specific purposes.
What are your goals?
Are you working primarily with a commercial forensic tool like EnCase or X-Ways? Perhaps the most useful code will be something that interfaces with their APIs, so you may wish to look into EnScripts or X-Tensions.
If you want to create a program that decodes a relatively small volume of artifacts, performance may be less important than simplicity. Consider that Carvey's RegRipper was written in PERL.
If you want to create a program that handles a large volume of data and is processing intensive, you need it to be fast, arguing for a compiled language like C++/C#.
In which environment are there frameworks and libraries available to help do what you need (e.g., is a rich UI necessary to view, filter, search, and export to multiple formats or is it sufficient to direct output to a text file)?
Do you plan to share your code with the community and do you want to be able to understand and possibly contribute to other open source projects? What are other people using?
Those factors may influence you one way or another. If you're working on Windows, the decision probably comes down to Python vs C++/C#, both of which seem to be in wide use in the community. (And even Harlan Carvey says he's learning Python.)
I think the most important aspect of any language is one that allows you to manipulate bits, bytes and buffers with no restrictions. A lot of investigation will be to see if certain bits are set in specific locations.
I don't know Python but would be concerned that it might be too biased towards handling strings, and numbers, rather than raw data, bits and pointers.
My vote is for C/C++ (and probably allow C#).
There are many published examples in C/C++ - being compiled means it is quick.
I live, 7 days a week with VS20?? development systems and it works.
I always suggest that decimal numbers are banned from your way of thinking, and always think in Hex. This will be most useful 98% of the time - the remaining 2% will be dealing with percentages.
I don't know Python but would be concerned that it might be too biased towards handling strings, and numbers, rather than raw data, bits and pointers.
Python does have a good framework for dealing with bytes directly - in fact it is the language used with XRY physical, which deals with reading raw mobile phone dumps (which tend not to have the luxury of filesystems).
But Python isn't so hot at GUIs, IMO - which is where something like Visual C# would be better.
Also, weirdly enough I have found EnScript to be a bigger draw on my CV than Python skills. But anecdotal evidence and all that..
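Added example, not part of the original thread: the "bits at specific locations" work discussed in the posts above, done in Python with the standard `struct` module on a raw MBR sector. The function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 0x1BE                  # first of four 16-byte partition entries
ENTRY = struct.Struct("<B3sB3sII")    # status, CHS start, type, CHS end, LBA start, sector count
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)", 0x83: "Linux"}


def decode_chs(raw):
    """Split the packed 3-byte CHS field into (cylinder, head, sector)."""
    head, b1, b2 = raw
    sector = b1 & 0x3F                    # low 6 bits of byte 1
    cylinder = ((b1 & 0xC0) << 2) | b2    # top 2 bits of byte 1 are cylinder bits 8-9
    return cylinder, head, sector


def parse_mbr(sector):
    """Return the non-empty partition entries of a raw 512-byte MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("short read: need a full 512-byte sector")
    if bytes(sector[0x1FE:0x200]) != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA not found at offset 0x1FE")
    parts = []
    for index in range(4):
        status, chs_start, ptype, chs_end, lba, count = ENTRY.unpack_from(
            sector, TABLE_OFFSET + index * ENTRY.size)
        if ptype == 0x00:                 # type 0 marks an unused slot
            continue
        parts.append({
            "index": index,
            "bootable": bool(status & 0x80),   # bit 7 of the status byte
            "type": TYPE_NAMES.get(ptype, f"unknown (0x{ptype:02X})"),
            "chs_end": decode_chs(chs_end),
            "lba_start": lba,
            "byte_offset": lba * SECTOR_SIZE,
            "sectors": count,
        })
    return parts


def build_sample_sector():
    """Constructed test data: one bootable NTFS partition starting at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    ENTRY.pack_into(sector, TABLE_OFFSET, 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    sector[0x1FE:0x200] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    print(parse_mbr(build_sample_sector()))
```

On a real image, pass the first 512 bytes read in binary mode to `parse_mbr`; a wrong signature or a short read raises `ValueError` rather than returning garbage.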
There are several factors to consider, depending on what you intend to accomplish. You've gotten advice thus far about Python, C++, assembly language, each of which has different characteristics and may be appropriate for specific purposes.
What are your goals?
Are you working primarily with a commercial forensic tool like EnCase or X-Ways? Perhaps the most useful code will be something that interfaces with their APIs, so you may wish to look into EnScripts or X-Tensions.
If you want to create a program that decodes a relatively small volume of artifacts, performance may be less important than simplicity. Consider that Carvey's RegRipper was written in PERL.
If you want to create a program that handles a large volume of data and is processing intensive, you need it to be fast, arguing for a compiled language like C++/C#.
In which environment are there frameworks and libraries available to help do what you need (e.g., is a rich UI necessary to view, filter, search, and export to multiple formats or is it sufficient to direct output to a text file)?
Do you plan to share your code with the community and do you want to be able to understand and possibly contribute to other open source projects? What are other people using?
Those factors may influence you one way or another. If you're working on Windows, the decision probably comes down to Python vs C++/C#, both of which seem to be in wide use in the community. (And even Harlan Carvey says he's learning Python.)
Best answer. There is no "one size fits all" solution to programming.
Or as Scotty would say
"Use the right tool for the right job!"