Forensic scripting best practices

Forensic best practices play a big part in what we do and, traditionally, refer to handling or acquiring evidence. However, we've designated some forensic best practices of our own when it comes to programming, as follows:

  • Do not modify the original data you're working with and, to that effect,
  • Work on copies of the original data
  • Comment code
  • Validate your program's results
  • Maintain extensive logging
  • Return output in an easy-to-analyze or understand format

The golden rule of forensics: do not modify the original data. Always work on a forensic copy or through a write-blocker. However, this may not be an option for other disciplines, such as incident response, where the parameters and scope vary.

In these cases, it is ...
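
The practices listed above can be combined in one routine. The following is an added example, not code from the book: it hashes the original, works only on a verified copy, logs each step, re-hashes the original afterwards, and returns a JSON-ready report. The names process_on_copy and count_lines and the sample file are hypothetical.

```python
import hashlib
import json
import logging
import shutil
import tempfile
from pathlib import Path

log = logging.getLogger("forensic_copy")

def sha256_file(path, chunk_size=1024 * 1024):
    """Hash in chunks so large evidence files are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # read-only: evidence is never opened for writing
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def process_on_copy(original, work_dir, analyze):
    """Run analyze() on a verified copy and report whether the original changed."""
    original, work_dir = Path(original), Path(work_dir)
    before = sha256_file(original)
    log.info("original %s sha256=%s", original, before)
    working = work_dir / original.name
    shutil.copy2(original, working)  # copy2 also carries over timestamps
    if sha256_file(working) != before:
        raise ValueError(f"working copy {working} does not match the original")
    log.info("working copy %s verified", working)
    findings = analyze(working)  # the analysis only ever sees the copy
    after = sha256_file(original)  # validate: the original must be untouched
    if after != before:
        log.error("original %s changed during processing", original)
    return {"source": str(original), "sha256_before": before,
            "sha256_after": after, "original_unchanged": after == before,
            "findings": findings}

def count_lines(path):
    """Hypothetical stand-in for a real analysis step."""
    with open(path, "rb") as fh:
        return {"line_count": sum(1 for _ in fh)}

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(asctime)s %(levelname)s %(message)s")
    with tempfile.TemporaryDirectory() as tmp:
        evidence = Path(tmp) / "evidence.log"  # constructed sample, not real evidence
        evidence.write_bytes(b"constructed line 1\nconstructed line 2\n")
        work = Path(tmp) / "work"
        work.mkdir()
        print(json.dumps(process_on_copy(evidence, work, count_lines), indent=2))
```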
