I have a problem

I can write tools in .NET which is basically a Windows framework (TimeLord is the one that is published but I have others). There is Mono for Linux but it is always playing catch-up. I can write programs in C or C++ which is best implemented in *nix (Linux for most forensic analysts). Cross platform tools are rare, difficult to implement and (especially if it means command line) not used in Windows.

My question is this - If I develop a forensic tool, in what framework would you prefer it? Windows, *nix and then do you want GUI or cmdline? (GUI =easy*resticted, cmdline=difficult*flexible)

If the majority is for Windows and GUI then I'll start charging for any future applications (because I can), if however, the majority is for *nix and cmdline then I'll develop open source because I want to help catch the bad guys and do my bit for the global good.

I could do a poll but this doesn't gather the kind of thought process that I want from you all.

Oh, by the way, I can write Mac apps but the Mac API is pathetic in a forensic context so I have ignored this (unless of course you know better!).

Paul  

Last edited by binarybod on Wed Oct 13, 2010 6:21 pm; edited 1 time in total

Actually AFAIK a number of people (at least you can count me ) consider:

• .NET and ALL similar frameworks a huge bloat
• "pure" C, C+ or C# (the one I call "C dumb") command line tools under windows VERY usable

And quite a lot of pure *nix have been ported to Windows 32 bit through minGW compiling or cygwin .dll's, so I don't think that is such a difficult thing to create command line tools and port them.
And for the GUI enthusiast, there is always the solution of pseudo-GUIs or nice looking wrap-arounds the "real" things (the command line apps).
The command line apps have the distinctive advantage that they are usually easily scriptable, through batch, vbs or python, thus they are IMHO much more useful to a "technically oriented" community.

jaclaz  

@jaclaz

Don't you find that cygwin is a bit outdated now that VM's are so easy? I have a custom made Linux forensics machine with shares to all my Windows (host) machine drives and I can therefore use native Linux tools on all my Windows generated files.

MinGW is dead, surely?

Paul  

My vote is for the free option every time

Is it that .NET GUI based app's are a larger investment in time for yourself, and hence require the need to charge ?

I agree with Jaclaz.
Personally I like cmdline tools that do one job. When scripted they can fit nicely into a workflow. GUI apps that perform the same function are indeed bloaty and dont have the same flexibility. When you are talking about an app that performs several jobs and functions then a GUI based app is the only way to go, no one wants to be at the cmd line using 20 switches and 6 arguments.

Btw thanks for Timelord I am using that more and more, a great contribution to the community  

You can always develop under QT so that you can have your application on Linux, Windows, or Mac.

Cheers!

farmerdude

www.onlineforensictraining.com

www.forensicbootcd.com  

Use MFC only (statically linked) and if needed just implement both: application started without parameters = gui-version, with parameters cmdline-version. If you need to run it under Linux use Wine...

Cheers  

- binarybod

@jaclaz
MinGW is dead, surely?

Nope. The new mingw-get installer out there tracks GCC 4.5. I don't know whether there's a difference in the compilers shipped with VS Pro, but I found that MinGW generated considerably faster code than VS Express.


Jon