Friday, March 19, 2010

Thoughts on forensic software development

by Dominik Weber

About the Author

Dominik Weber is a Senior Software Architect for Guidance Software, Inc.

Working late on a Thursday night in an otherwise pretty empty building, I pause for a moment while the debugger is stopped at a breakpoint. I am thinking of the big difference between doing it right and just making it work. Often, this subtle difference cannot be easily seen by the users.

Computer forensics has been a fascinating field to me ever since I started working as a developer on one of the world's leading forensic products in 2001. Forensic-grade software is unique and different from many other types of software. Having worked on embedded crypto software, video games, real-time animation and motion capture makes me very aware of this disparity. In addition to the usual issues with delivering complex applications, there are several other unique items to contend with. As an example, I have to be aware of forensic methodologies like data acquisition, the internals of file systems and disk formats, and the internals of operating systems. Also, I have to assume that any data can be corrupt at any point, and therefore not act the same as properly formatted data.

Robustness is not the only issue. Memory usage, processing speed, data quantity and data quality are also important. In order to write code that will fulfill all of these needs, some research is needed. This research sometimes leads to highly interesting forensic finds like the ObjectIDs on NTFS file systems (I will write about this in an upcoming article). Any research and the intricacies of the implementation also need to be documented. Aside from documentation, I work with many other departments: Quality Assurance, Technical Services and fellow application developers, sometimes debugging a crash, updating our bug tracking system, writing a sample script, creating a regression test, making a presentation - oh, and yes, I do work on the code as well: implementing new features, reviewing re-factoring and occasionally improving some old code!

Furthermore, time permitting, I try to read several forensic message boards. I appreciate the work that forensic examiners do. Thus, I like to answer questions that are in areas where I consider myself knowledgeable and with something useful to offer...


1 comment:

software systems development said...

I mean it is one more program addition in Computer and IT Field.
In terms of job growth, nothing beats computer forensics as a career. Computer Forensics Specialists are needed by today's companies to determine the root cause of a hacker attack, collect evidence legally admissible in court, and protect corporate assets and reputation.