Having fun while learning about and pivoting into the world of DFIR.
by ogmini
As I was reading This Week in 4N6, I came across a great article from Adam Hachem at https://www.hexordia.com/blog/using-open-source-forensic-tools. I would encourage you to read it especially if you aren’t a Python pro. When I first started playing around with Python, it took me too long to fully embrace the usefulness of venv or Virtual Environments. If you don’t know venv, this is your cue to go read the article!
Another important point that Adam touches upon is the value of compiling from source in order to get the latest version. This is incredibly important when compiled releases lag behind the codebase. I have personally made the mistake of running older compiled releases. Recently, during the BelkaCTF, I was using the compiled version of ALEAPP and it did not have one of the new plugins to parse an artifact in the image. Learn to compile or run from source!
Adam ends with the tip of always reading the README. I will end this post by saying you should read the article if you are new to Python.
tags: #Musings