Thoughts on digital forensics

I’m studying cyber security and investigations at the moment and the current course is digital forensics. It is fascinating learning about how folks try to hide their digital tracks, and it is also mildly terrifying to realise how much data can be recovered. I’m deep in hex viewers, write blockers, and various tools for analysing data.

It is quite a shock to find that the tools for digital forensics that we are using in class are  mostly trial versions of expensive proprietary tools. Also it appears that there are very few UX people involved in the development of most tools, as they are mostly rather utilitarian.

There are very few open standards and not many open source tools. Among the tools that I have found to be useful are Autopsy and ExifTool.

UPDATE: via some nice folks on Twitter (hi  and ) I’ve discovered some interesting new tools and also Eric’s blog binary foray.

There is a good list here: The Best Open Source Digital Forensic Tools

GhidraInterestingly the the US National Security Agency (NSA) has recently released their GHIDRA tool. This nifty tool is a reverse engineering tool, and its capabilities include disassembly, assembly, decompilation, graphing and scripting. The open sourcing of this tool is a major disruptor of the incumbent’s proprietary and rather expensive toolset. Good idea NSA!