Enhancing Forensic-Tool Security with Rust: Development of a String Extraction Utility
The paper evaluates the suitability of the Rust ecosystem for forensic tool development. As a case study, a forensic tool named Stringsext is developed. Starting from analyzing the specefic requirements of forensic software in general and those of the present case study, all stages of the software development life-cycle are executed and evaluated. Stringsext is a re-implementation and enhancement of the GNU-strings tool, a widely used program in forensic investigations. Stringsext recognizes Cyrillic, CJKV East Asian characters and other scripts in all supported multi-byte-encodings while GNU-strings fails in finding these in UTF-16 and other encodings. During the case study it has become apparent that the Rust ecosystem provides good support for secure coding principles and unit testing. Furthermore, the bench-marks showed a satisfactory performance of the resulting Stringsext binaries comparable to the original C version.
Beckett, J., & Slay, J. (2007). Digital forensics: Validation and verification in a dynamic work environment. In System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference (p. 266a-266a). IEEE.
Berinato, S. (2007, June). The Rise of Anti Forensics. http://www.csoonline.com/ article/2122329.
Consult, S. (2017, May). Chainsaw of Custody: Manipulating forensic evidence the easy way.
Corporation, M. (2016). CWE - Common Weakness Enumeration, a Community-Developed Dictionary of Software Weakness Types. https://cwe.mitre.org/.
Craiger, P., Swauger, J., Marberry, C., & Hendricks, C. (2006). Validation of digital forensics tools. Digital crime and forensic science in cyberspace. Hershey, PA: Idea Group Inc, 91-105.
Cygnus-Solutions. (1999, May). Log message: Sourceware import. https://sourceware.org/ ml/binutils-cvs/ 1999-q2/msg00000.html.
Eggendorfer, T. (2016, July). IT forensics. Why post-mortem is dead. Cyber Security Summer School 2016: Digital Forensics, Technology and Law. Tallinn University of Technology.
Fulgham, B., & Gouy, I. (2019, February). Computer Language Benchmarks Game: C++ versus Rust. https://benchmarksgame-team.pages.debian.net/benchmarksgame/ faster/ rust.html.
Getreu, J. (2017). Forensic-Tool Development with Rust (Unpublished doctoral dissertation). Tallinn University of Technology, Tallinn.
Getreu, J. (2018). Stringsext, a GNU Strings Alternative with Multi-Byte-Encoding Support. Tallinn.
Harichandran, V. S., Walnycky, D., Baggili,I., & Breitinger, F. (2016). CuFA: A more formal definition for digital forensic artifacts. Digital Investigation, 18 , S125-S137.
The-Rust-Project-Developers. (2017). The Rustonomicon.
The-Rust-Team. (2019, January). Rust Documentation. https://doc.rust-lang.org/.
Zalewski, M. (2014, October). PSA: Don't run 'strings' on untrusted files (CVE-2014-8485).
Getreu, Jens and Maennel, Olaf
"Enhancing Forensic-Tool Security with Rust: Development of a String Extraction Utility,"
Journal of Digital Forensics, Security and Law: Vol. 14
, Article 4.
Available at: https://commons.erau.edu/jdfsl/vol14/iss2/4