Digital forensics investigations often consist of analyzing large quantities of data. The software tools used for analyzing such data are constantly evolved to cope with a multiplicity of versions and variants of data formats. This process of customization is time-consuming and error-prone. To improve this situation, we present DERRIC, a domain-specific language (DSL) for declaratively specifying data structures. This way, the specification of structure is separated from data processing. The resulting architecture encourages customization and facilitates reuse. It enables faster development through a division of labour between investigators and software engineers. We have performed an initial evaluation of DERRIC by constructing a data recovery tool. This so-called carver has been automatically derived from a declarative description of the structure of JPEG files. We compare it to existing carvers and show it to be in the same league with respect to both recovered evidence and runtime performance.

ACM
R.N. Taylor, H. Gall, N. Medvidović
Domain Specific Languages: A Big Future for Small Programs
International Conference on Software Engineering
Software Analysis and Transformation

van den Bos, J., & van der Storm, T. (2011). Bringing Domain-Specific Languages to Digital Forensics. In R. N. Taylor, H. Gall, & N. Medvidović (Eds.), Proceedings of the 33rd International Conference on Software Engineering (ICSE 2011) (pp. 671–680). ACM.