•  
  •  
 

Abstract

The paper evaluates the suitability of the Rust ecosystem for forensic tool development. As a case study, a forensic tool named Stringsext is developed. Starting from analyzing the specefic requirements of forensic software in general and those of the present case study, all stages of the software development life-cycle are executed and evaluated. Stringsext is a re-implementation and enhancement of the GNU-strings tool, a widely used program in forensic investigations. Stringsext recognizes Cyrillic, CJKV East Asian characters and other scripts in all supported multi-byte-encodings while GNU-strings fails in finding these in UTF-16 and other encodings. During the case study it has become apparent that the Rust ecosystem provides good support for secure coding principles and unit testing. Furthermore, the bench-marks showed a satisfactory performance of the resulting Stringsext binaries comparable to the original C version.

References

Beckett, J., & Slay, J. (2007). Digital forensics: Validation and verification in a dynamic work environment. In System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference (p. 266a-266a). IEEE.

Berinato, S. (2007, June). The Rise of Anti Forensics. http://www.csoonline.com/ article/2122329.

Consult, S. (2017, May). Chainsaw of Custody: Manipulating forensic evidence the easy way.

Corporation, M. (2016). CWE - Common Weakness Enumeration, a Community-Developed Dictionary of Software Weakness Types. https://cwe.mitre.org/.

Craiger, P., Swauger, J., Marberry, C., & Hendricks, C. (2006). Validation of digital forensics tools. Digital crime and forensic science in cyberspace. Hershey, PA: Idea Group Inc, 91-105.

Cygnus-Solutions. (1999, May). Log message: Sourceware import. https://sourceware.org/ ml/binutils-cvs/ 1999-q2/msg00000.html.

Eggendorfer, T. (2016, July). IT forensics. Why post-mortem is dead. Cyber Security Summer School 2016: Digital Forensics, Technology and Law. Tallinn University of Technology.

Fulgham, B., & Gouy, I. (2019, February). Computer Language Benchmarks Game: C++ versus Rust. https://benchmarksgame-team.pages.debian.net/benchmarksgame/ faster/ rust.html.

Getreu, J. (2017). Forensic-Tool Development with Rust (Unpublished doctoral dissertation). Tallinn University of Technology, Tallinn.

Getreu, J. (2018). Stringsext, a GNU Strings Alternative with Multi-Byte-Encoding Support. Tallinn.

Harichandran, V. S., Walnycky, D., Baggili,I., & Breitinger, F. (2016). CuFA: A more formal definition for digital forensic artifacts. Digital Investigation, 18 , S125-S137.

The-Rust-Project-Developers. (2017). The Rustonomicon.

The-Rust-Team. (2019, January). Rust Documentation. https://doc.rust-lang.org/.

Zalewski, M. (2014, October). PSA: Don't run 'strings' on untrusted files (CVE-2014-8485).

DOI

https://doi.org/10.15394/jdfsl.2019.1607

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.