Hi folks, just wondering if anyone out there has any experience working with Java (as opposed to C/C++) in a digital forensics environment, and if so, could they advise me as to problems or advantages they may have encountered? Cheers

+1  A: 

Yes, you can do it all in Java; if there is something that must be done in C, you have the JNI package through which you can call 'dangerous' routines. Java grants you robustness and a security model, and scalability is not a big issue... you don't have to cope with 64-bit OSes or optimize your code to take advantage of multiple CPUs. You will find it odd, but it's true: your software might run faster in Java than in C. If you are not an average developer, if you are familiar with CPU structure and understand machine code and register handling thoroughly, then forget my text, you might have it done better in C.

ante.sabo
Thanks, that's brilliant
Nick
You're welcome - this sounds challenging, are you hiring?
ante.sabo
Nope, taking it on as a project. Should be interesting to say the least.
Nick
+1  A: 

We have been moving our forensics code from C++ and Python to Java for the following reasons:

  • We are concerned about how corrupt data may impact our tools; with Java it is less of an issue.
  • A single Java binary will run on 32-bit and 64-bit systems.
  • Better exploitation of threads.

Our initial results are quite promising: bulk_extractor ported from C++ to Java ran 3x faster! We were amazed. We think that this is because jflex produces a faster FSM than flex.

The main problem is that there are no good open source Java forensic file systems, and there are no JNI bindings for SleuthKit. One of our workarounds is to extract all of the metadata from a disk image using fiwalk into an XML blob and then process the XML in Java.

To download these tools, check out http://afflib.org/

vy32
Makes sense... cheers
Nick
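
The fiwalk-to-XML workaround from the second answer, as an added example (not code from the thread or from the afflib tools): a streaming Java reader for fiwalk-style XML that treats the metadata as untrusted and keeps going when a field is corrupt. The class and record names are hypothetical, the XML sample is constructed and only follows the fileobject/filename/filesize/hashdigest layout fiwalk writes, and Java 17 or later is assumed.

```java
import java.io.Reader;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.stream.*;

public class FiwalkXmlDemo {                       // hypothetical name
    record FileEntry(String name, long size, String md5) {}

    // Constructed sample (placeholder hash), not output from a real disk image.
    static final String SAMPLE = """
        <dfxml><volume offset="32256">
          <fileobject><filename>docs/report.doc</filename><filesize>28672</filesize>
            <hashdigest type="md5">0123456789abcdef0123456789abcdef</hashdigest></fileobject>
          <fileobject><filename>tmp/broken.bin</filename><filesize>-garbage-</filesize></fileobject>
        </volume></dfxml>
        """;

    static List<FileEntry> parse(Reader in) throws XMLStreamException {
        XMLInputFactory f = XMLInputFactory.newFactory();
        // Names and paths come from the evidence image: disable DTDs and external entities.
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLStreamReader r = f.createXMLStreamReader(in);
        List<FileEntry> out = new ArrayList<>();
        String name = null, md5 = null;
        long size = -1;                            // -1 marks a missing or unparsable size
        while (r.hasNext()) {
            int ev = r.next();
            if (ev == XMLStreamConstants.START_ELEMENT) {
                switch (r.getLocalName()) {
                    case "fileobject" -> { name = null; md5 = null; size = -1; }
                    case "filename" -> name = r.getElementText();
                    case "filesize" -> {
                        try { size = Long.parseLong(r.getElementText().trim()); }
                        catch (NumberFormatException e) { size = -1; } // corrupt field: flag it, keep parsing
                    }
                    case "hashdigest" -> {         // read the attribute before consuming the text
                        if ("md5".equalsIgnoreCase(r.getAttributeValue(null, "type"))) md5 = r.getElementText().trim();
                    }
                }
            } else if (ev == XMLStreamConstants.END_ELEMENT && r.getLocalName().equals("fileobject")) {
                out.add(new FileEntry(name, size, md5));
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        for (FileEntry e : parse(new StringReader(SAMPLE))) System.out.println(e);
    }
}
```

Streaming with StAX keeps memory use flat on the large XML blobs a full disk image produces, and the second sample entry shows a corrupt size being recorded as -1 instead of aborting the run.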