Tags: debugging, assembly, reverse-engineering, decompiling

What is the difference between Digital Forensics and Reverse Engineering?


I am not able to understand the exact difference between Digital Forensics and Reverse Engineering. Does Digital Forensics have anything to do with decompilation, reading assembly code, or debugging?

Thanks


Solution

  • Digital Forensics practice usually involves:

    • looking at logfiles
    • doing recovery of unlinked filesystem objects (e.g. deleted files)
    • recovering browsing history through cache, etc.
    • looking at timestamps of files

    (usually for the purpose of law enforcement)

    Reverse Engineering usually involves determining how something works by:

    • looking at binary file formats of multiple files (or executables) to determine patterns
    • decompilation of binary executables to determine intent of the code
    • black-boxing and/or debugging of known-good applications to determine nominal behaviour with respect to data.

    (usually for the purpose of interoperability)

    They're completely different activities.

    EDIT: so many typos.