Thoughts on digital forensics

I’m studying cyber security and investigations at the moment and the current course is digital forensics. It is fascinating learning about how folks try to hide their digital tracks, and it is also mildly terrifying to realise how much data can be recovered. I’m deep in hex viewers, write blockers, and various tools for analysing data.

It is quite a shock to find that the digital forensics tools we are using in class are mostly trial versions of expensive proprietary tools. It also appears that very few UX people are involved in the development of most of these tools, as they are mostly rather utilitarian.

There are very few open standards and not many open source tools. Among the tools I have found useful are Autopsy and ExifTool.

UPDATE: via some nice folks on Twitter (hi  and ) I’ve discovered some interesting new tools and also Eric’s blog, Binary Foray.

There is a good list here: The Best Open Source Digital Forensic Tools

Interestingly, the US National Security Agency (NSA) has recently released its GHIDRA tool. This nifty tool is a reverse engineering tool, and its capabilities include disassembly, assembly, decompilation, graphing and scripting. The open sourcing of this tool is a major disruptor of the incumbents’ proprietary and rather expensive toolsets. Good idea NSA!

Author: Kate Carruthers

Kate Carruthers is Chief Data & Insights Officer for UNSW Sydney, and is also an Adjunct Senior Lecturer in the School of Computer Science & Engineering. She is a Certified Information Security Manager and is currently undertaking postgraduate studies in terrorism and security. Kate has extensive experience in senior roles in ICT, marketing, data and digital, and is a member of the NSW Government’s Data Analytics Centre Advisory Board.