research-article
Open access

Sharpening Your Tools: Updating bulk_extractor for the 2020s

Published: 28 March 2023

    Abstract

    This article presents our experience updating the high-performance digital forensics (DF) tool BE (bulk_extractor) a decade after its initial release. Between 2018 and 2022, we updated the program from C++98 to C++17. We also performed a complete code refactoring and adopted a unit test framework. DF tools must be frequently updated to keep up with changes in the ways they are used. A description of updates to the bulk_extractor tool serves as an example of what can and should be done.


    Published In

    Queue  Volume 21, Issue 1
    Data Science
    January/February 2023
    125 pages
    ISSN:1542-7730
    EISSN:1542-7749
    DOI:10.1145/3589655
    This work is licensed under a Creative Commons Attribution International 4.0 License.

    Publisher

    Association for Computing Machinery

    New York, NY, United States
