Title :
Bringing domain-specific languages to digital forensics
Author :
Van den Bos, Jeroen ; Van der Storm, Tijs
Author_Institution :
Netherlands Forensic Inst., The Hague, Netherlands
Abstract :
Digital forensics investigations often consist of analyzing large quantities of data. The software tools used for analyzing such data are constantly evolving to cope with a multiplicity of versions and variants of data formats. This process of customization is time consuming and error prone. To improve this situation we present DERRIC, a domain-specific language (DSL) for declaratively specifying data structures. This way, the specification of structure is separated from data processing. The resulting architecture encourages customization and facilitates reuse. It enables faster development through a division of labour between investigators and software engineers. We have performed an initial evaluation of DERRIC by constructing a data recovery tool. This so-called carver has been automatically derived from a declarative description of the structure of JPEG files. We compare it to existing carvers, and show it to be in the same league both with respect to recovered evidence, and runtime performance.
Keywords :
computer forensics; data analysis; data structures; formal specification; DERRIC; JPEG files; carver; data analysis; data recovery tool; data structure specification; declarative description; digital forensics; domain-specific languages; software tools; Algorithm design and analysis; Data analysis; Digital forensics; Documentation; Encoding; Generators; Transform coding; data description languages; digital forensics; domain-specific languages; model-driven engineering;
Conference_Titel :
Software Engineering (ICSE), 2011 33rd International Conference on
Conference_Location :
Honolulu, HI
Print_ISBN :
978-1-4503-0445-0
Electronic_ISBN :
0270-5257
DOI :
10.1145/1985793.1985887
