TRINITY: An IDE for the Matrix

Author

van den Bos, Jeroen ; van der Storm, Tijs

Author_Institution

Netherlands Forensic Inst. (NFI), The Hague, Netherlands

fYear

2013

fDate

22-28 Sept. 2013

Firstpage

520

Lastpage

523

Abstract

Digital forensics software often has to be changed to cope with new variants and versions of file formats. Developers reverse engineer the actual files, and then change the source code of the analysis tools. This process is error-prone and time consuming because the relation between the newly encountered data and how the source code must be changed is implicit. TRINITY is an integrated debugging environment which makes this relation explicit using the DERRIC DSL for describing file formats. TRINITY consists of three simultaneous views: 1) the runtime state of an analysis, 2) a hex view of the actual data, and 3) the file format description. Cross-view trace ability links allow developers to better understand how the file format description should be modified. TRINITY aims to make the process of adapting digital forensics software more effective and efficient.

Keywords

data flow analysis; digital forensics; program debugging; reverse engineering; software maintenance; DERRIC DSL; IDE; TRINITY; actual data hexview; analysis runtime state; cross-view traceability links; digital forensics software; domain-specific language; file format description; integrated debugging environment; reverse engineering; Debugging; Digital forensics; Layout; Maintenance engineering; Reverse engineering; Runtime; Software; domain-specific language; integrated development environment; model-driven engineering; reverse engineering; software maintenance;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Maintenance (ICSM), 2013 29th IEEE International Conference on

Conference_Location

Eindhoven

ISSN

1063-6773

Type

conf

DOI

10.1109/ICSM.2013.86

Filename

6676947