research-article
Open access

Sharpening Your Tools: Updating bulk_extractor for the 2020s

Published: 28 March 2023

Abstract

This article presents our experience updating the high-performance digital forensics (DF) tool bulk_extractor (BE) a decade after its initial release. Between 2018 and 2022, we updated the program from C++98 to C++17. We also performed a complete code refactoring and adopted a unit test framework. DF tools must be frequently updated to keep up with changes in the ways they are used. A description of updates to the bulk_extractor tool serves as an example of what can and should be done.


Published In

Queue, Volume 21, Issue 1
Data Science
January/February 2023
125 pages
ISSN:1542-7730
EISSN:1542-7749
DOI:10.1145/3589655
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States


Qualifiers

  • Research-article
  • Popular
  • Editor picked

Article Metrics

  • Total Citations: 0
  • Total Downloads: 8,977
  • Downloads (Last 12 months): 2,547
  • Downloads (Last 6 weeks): 341

Reflects downloads up to 23 Jan 2025
