
Programming Language for CF  

ivandavids
(@ivandavids)
New Member

Hi All

I am interested to hear the opinions on what the 'best' programming language would be for a newbie to use in computer forensics. Any advice is appreciated.

Regards

Ivan

Posted : 06/02/2015 4:09 pm
BlueBird23
(@bluebird23)
New Member

Hi Ivan,

Not really a question of what is best but what is most suitable.

However python is a good starting point and a powerful tool which can be used for a wide range of applications.

http://www.codecademy.com/en/tracks/python

Is a good place to start.

-Bluebird

Posted : 06/02/2015 4:13 pm
ivandavids
(@ivandavids)
New Member

Thanks for the advice! Much appreciated! :-D

Posted : 06/02/2015 4:45 pm
jaclaz
(@jaclaz)
Community Legend

To be fair and picky, as I happen to be, (and not taking anything away from Python, that remains an excellent - if not the best - choice) that would be a scripting language much more than a programming language.
Or - even more exactly - it is (usually) an interpreted (as opposed to compiled) language.

As a matter of fact its nature of scripting/interpreted language allows for a much wider portability across platforms and - even more than that - allows for easy customization/adaptation/changes/whatever to existing scripts.

jaclaz

Posted : 06/02/2015 6:34 pm
athulin
(@athulin)
Community Legend

I am interested to hear the opinions on what the 'best' programming language would be for a newbie to use in computer forensics. Any advice is appreciated.

A language that gives you access to system-level interfaces (APIs) on the platform you plan to specialize in.

I'm going to guess Windows, so that means C++ or C#, and just possibly environments such as Delphi. If it's compiled, so much the better, but it's not a must.

If you're not able to call system API functions directly, I'd say the language might be interesting, but it won't help you understand the OS platform. Which is what you've got to know, more or less.

And in case you wonder, I'm not considering how quickly you will be able to whip up a piece of code, but what kind of understanding you will get about the platform by using the language. Languages such as Python or Java hide the OS platform in order to be easily portable – that's useful from one point of view, but useless from the viewpoint I'm taking in this answer.

Posted : 06/02/2015 8:04 pm
jhup
(@jhup)
Community Legend

Assembly, specific to the CPU family you are targeting.

An alternative solution is, as mentioned, Python.

Posted : 06/02/2015 11:20 pm
TuckerHST
(@tuckerhst)
Active Member

There are several factors to consider, depending on what you intend to accomplish. You've gotten advice thus far about Python, C++, assembly language, each of which have different characteristics and may be appropriate for specific purposes.

What are your goals?

Are you working primarily with a commercial forensic tool like EnCase or X-Ways? Perhaps the most useful code will be something that interfaces with their APIs, so you may wish to look into EnScripts or X-Tensions.

If you want to create a program that decodes a relatively small volume of artifacts, performance may be less important than simplicity. Consider that Carvey's RegRipper was written in PERL.

If you want to create a program that handles a large volume of data and is processing intensive, you need it to be fast, arguing for a compiled language like C++/C#.

In which environment are there frameworks and libraries available to help do what you need (e.g., is a rich UI necessary to view, filter, search, and export to multiple formats or is it sufficient to direct output to a text file)?

Do you plan to share your code with the community and do you want to be able to understand and possibly contribute to other open source projects? What are other people using?

Those factors may influence you one way or another. If you're working on Windows, the decision probably comes down to Python vs C++/C#, both of which seem to be in wide use in the community. (And even Harlan Carvey says he's learning Python.)

Posted : 07/02/2015 12:50 am
mscotgrove
(@mscotgrove)
Senior Member

I think the most important aspect of any language is one that allows you to manipulate bits, bytes and buffers with no restrictions. A lot of investigation will be to see if certain bits are set in specific locations.

I don't know Python but would be concerned that it might be too biased towards handling strings, and numbers, rather than raw data, bits and pointers.

My vote is for C/C++ (and probably allow C#).

There are many published examples in C/C++ - being compiled means it is quick.

I live, 7 days a week with VS20?? development systems and it works.

I always suggest that decimal numbers are banned from your way of thinking, and always think in Hex. This will be most useful 98% of the time - the remaining 2% will be dealing with percentages.

Posted : 07/02/2015 11:12 pm
Chris_Ed
(@chris_ed)
Active Member

I don't know Python but would be concerned that it might be too biased towards handling strings, and numbers, rather than raw data, bits and pointers.

Python does have a good framework for dealing with bytes directly - in fact it is the language used with XRY physical, which deals with reading raw mobile phone dumps (which tend not to have the luxury of filesystems).

But Python isn't so hot at GUIs, IMO - which is where something like Visual C# would be better.

Also, weirdly enough I have found EnScript to be a bigger draw on my CV than Python skills. But anecdotal evidence and all that..

Posted : 09/02/2015 3:33 pm
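
Added example, not part of any post in this thread: the exchange above about whether Python can work on raw bytes and test individual bits, shown on a classic MBR partition table using only the standard `struct` module. The sample sector is constructed inline and its partition values are made up for illustration.

```python
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 0x1BE   # first of four 16-byte partition entries
SIGNATURE_OFFSET = 0x1FE    # boot signature bytes 55 AA
BOOTABLE_FLAG = 0x80        # bit 7 of the status byte
# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
ENTRY = struct.Struct("<B3sB3sII")


def build_sample_mbr():
    """Constructed sample sector: one bootable type-0x07 entry, one type-0x83 entry."""
    sector = bytearray(SECTOR_SIZE)
    ENTRY.pack_into(sector, PART_TABLE_OFFSET, 0x80, b"\x20\x21\x00", 0x07,
                    b"\xfe\xff\xff", 0x800, 0x32000)
    ENTRY.pack_into(sector, PART_TABLE_OFFSET + ENTRY.size, 0x00,
                    b"\xfe\xff\xff", 0x83, b"\xfe\xff\xff", 0x32800, 0x100000)
    sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("short read: need a full 512-byte sector")
    if sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] != b"\x55\xaa":
        raise ValueError("boot signature 55 AA not found at offset 0x1FE")
    entries = []
    for slot in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = ENTRY.unpack_from(
            sector, PART_TABLE_OFFSET + slot * ENTRY.size)
        if ptype == 0x00:          # type 0 marks an unused slot
            continue
        entries.append({
            "slot": slot,
            "bootable": bool(status & BOOTABLE_FLAG),   # test a single bit
            "type": ptype,
            "lba_start": lba,
            "byte_offset": lba * SECTOR_SIZE,
            "sectors": count,
        })
    return entries


if __name__ == "__main__":
    for e in parse_mbr(build_sample_mbr()):
        print("slot %d type 0x%02X boot=%s start=0x%X size=0x%X sectors" % (
            e["slot"], e["type"], e["bootable"], e["lba_start"], e["sectors"]))
```
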
MDCR
(@mdcr)
Active Member

There are several factors to consider, depending on what you intend to accomplish. You've gotten advice thus far about Python, C++, assembly language, each of which have different characteristics and may be appropriate for specific purposes.

What are your goals?

Are you working primarily with a commercial forensic tool like EnCase or X-Ways? Perhaps the most useful code will be something that interfaces with their APIs, so you may wish to look into EnScripts or X-Tensions.

If you want to create a program that decodes a relatively small volume of artifacts, performance may be less important than simplicity. Consider that Carvey's RegRipper was written in PERL.

If you want to create a program that handles a large volume of data and is processing intensive, you need it to be fast, arguing for a compiled language like C++/C#.

In which environment are there frameworks and libraries available to help do what you need (e.g., is a rich UI necessary to view, filter, search, and export to multiple formats or is it sufficient to direct output to a text file)?

Do you plan to share your code with the community and do you want to be able to understand and possibly contribute to other open source projects? What are other people using?

Those factors may influence you one way or another. If you're working on Windows, the decision probably comes down to Python vs C++/C#, both of which seem to be in wide use in the community. (And even Harlan Carvey says he's learning Python.)

Best answer. There is no "one size fits all" solution to programming.

Or as Scotty would say
"Use the right tool for the right job!"

Posted : 19/02/2015 10:13 am
raydenvm
(@raydenvm)
Junior Member

Python is no.1 here as for me. This language has a low entry threshold for everybody. Syntax is just easy. It has a lot of libraries and frameworks, high abilities to integrate into anything. And also tooling is really nice at this point, Jetbrains PyCharm is probably the best IDE now.

Alternatively, I would advise to benefit from Java. This language and its platform have the largest amount of different libraries/frameworks in the world. So you won't need to invent a bicycle.

Posted : 19/02/2015 1:56 pm
joachimm
(@joachimm)
Active Member

I am interested to hear the opinions on what the 'best' programming language would be for a newbie to use in computer forensics.

First of all there is no "best" or "worst", there are pros and cons.

It will depend on your needs/circumstance how to weigh these.
A programming language is a means to an end, though some people make it a religion.

You not only need to consider the language but also the environment in which you program.
Do you need low level access e.g. to a GPU? Or do you want to make something web-based?

Also how maintainable should your code be, e.g. are you writing a one-off or do you want to build something more maintainable over time?

So my questions to you: what do you want to accomplish? What is your current programming expertise?

Posted : 20/02/2015 12:51 am