Authors: Matthew Seyer, KPMG
DFRWS USA 2020
Time: 2 hours
Python is a go to language choice for forensic investigators when creating DFIR tools, however, when speed is a needed factor, Python is not always the best choice. This workshop will introduce you to basic techniques that most forensic tools require. It focuses on writing Rust with similar code comparison of Python so you can visually see how a method in Python might be implemented in Rust for familiarity. During this workshop you will write Rust code and learn things like setting up a rust project, importing libraries, adding arguments to your command line tool, parse binary data into structures, handle errors, serialize your parsed data into JSON, and create tests for your code, and have a forensics tool to show for it!
As prerequisites, please have Visual Code and Rustup installed on your system if you want to participate in code writing.
If you’d like to program in Rust and Python during the workshop, please install the following:
- Visual Studio – https://code.visualstudio.com/
- Python 3.x – https://www.python.org/downloads/
- Rust – https://rustup.rs