Since win 10 has ability to use UNIX power tools in native environment it gives a nice field to experiment. In theory tools like bash, awk, sed, grep, ed, vi ... and many more can be integrated into forensic process with standard commercial tools like encase or ftk or whatever can run on windows 10 platform.
It was possible even earlier trough cygwin or othet similar tools but with more or less trouble, converting data with iconv etc ..
There is great potential, but I'm skeptical since even existing ordinary windows script like tools were not much used. There is no reason to change this just because of UNIX power tools.
In the other hand it will provide much simpler environment around tools like volatility, I always dread way how volatility was handled in some training materials I've seen for commercial digital forensic software. The script command will now be natural and all IO will be processed much more consistent way :) :) I suppose the "expect" will be also able to run on windows 10.
I'll try it a bit and post results, this is nice extension possibility for current trend of using python in forensics
Some time ago I was writing about using cmd line grep from cygwin to filter out result of sweep operation, it was not integrated but still shows the basic idea. Perl is here very mature solution, but tow drawback exists, knowledge and unicode handling. Lack of knowledge is definitely the biggest problem especially current attitude to "exotic" knowledge, as we've seen in problems with swift attacks.
It was possible even earlier trough cygwin or othet similar tools but with more or less trouble, converting data with iconv etc ..
There is great potential, but I'm skeptical since even existing ordinary windows script like tools were not much used. There is no reason to change this just because of UNIX power tools.
In the other hand it will provide much simpler environment around tools like volatility, I always dread way how volatility was handled in some training materials I've seen for commercial digital forensic software. The script command will now be natural and all IO will be processed much more consistent way :) :) I suppose the "expect" will be also able to run on windows 10.
I'll try it a bit and post results, this is nice extension possibility for current trend of using python in forensics
Some time ago I was writing about using cmd line grep from cygwin to filter out result of sweep operation, it was not integrated but still shows the basic idea. Perl is here very mature solution, but tow drawback exists, knowledge and unicode handling. Lack of knowledge is definitely the biggest problem especially current attitude to "exotic" knowledge, as we've seen in problems with swift attacks.
