iLEAPP, uLEAPP, weallLEAPP for theLEAPPs

Alexis Brignoni brought us the LEAPP projects: community-driven, open-source, up-to-date parsers for DFIR practitioners at a price we can all afford. If you haven’t heard of the LEAPPs by this point, I have absolutely no idea how you came across *this* blog… I won’t have much new to say about the tools, but I can’t exactly write up a “Resources” section for the site without mentioning them.

I have far more experience running iLEAPP than the other three, but the concept is the same: community-developed parsers aggregated into a format that is accessible and effective. Earlier on in the project, there was a bit of a learning curve for those new to the command line, as certain dependencies needed to be installed, which could get a bit tricky at times. I recall staring blankly at my screen when things refused to launch, only to find that I had a version of Python that was too new at the time to run the tool. You see, kids, when programs start to work *too well*, a new version of Python comes out that wrecks things in the name of progress!

Now, however, the LEAPPs are available as executable releases, removing even that low bar for new examiners as they dip their toes into open-source utilities. Whenever I am fortunate enough to lead a class of examiners, these packaged executables find their way into the “goodies” folder.

The way I imagine the LEAPP projects keeping up to date is akin to a large cargo ship versus a bunch of little tug boats. Some of the big tools, with their containers full of excellent paid-for goods, are slow to turn the ship when major updates start harshing the mellow around the DFIR office. The little tug boats, the open-source community, can be faster to react at times. I have found on several occasions apps that are better (or differently) supported than what is observed in some major tools.

I would never tell someone to depend entirely on one tool for their work. The great thing about the LEAPP project is that it represents a large number of dedicated examiners, contributing their individual expertise to one place for the benefit of the community as a whole. They are absolutely worth your time to check out.

Digital Forensics and general nerdery. Learning bit by bit (heh) and fighting off imposter syndrome. Learning python, adapting it to my work and overcomplicating simple processes most of the time.