Question

I am not able to understand the exact difference between Digital Forensics and Reverse Engineering. Does Digital Forensics have anything to do with decompilation, assembly code reading or debugging?

Thanks


Solution

Digital Forensics practice usually involves:

  • looking at logfiles
  • doing recovery of unlinked filesystem objects (e.g. deleted files)
  • recovering browsing history through cache, etc.
  • looking at timestamps of files

(usually for the purpose of law enforcement)

Reverse Engineering usually involves determining how something works by:

  • looking at binary file formats of multiple files (or executables) to determine patterns
  • decompilation of binary executables to determine intent of the code
  • black-boxing and/or debugging of known-good applications to determine nominal behaviour with respect to data.

(usually for the purpose of interoperability)

They're completely different activities.

EDIT: so many typos.
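The "recovery of unlinked filesystem objects" and "looking at binary file formats to determine patterns" bullets above are the same technique seen from two sides, so here is one worked example that covers both. It is an added illustration, not code from the original answer: a signature-based file carver that scans a raw image for PNG and JPEG headers and recovers the file bodies even though no directory entry points at them any more. The "disk image", the PNG and the JPEG inside it are all constructed in the block; the carver walks PNG chunks and checks each CRC so that a partially overwritten file is skipped instead of being carved as garbage.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8\xff"   # Start Of Image, followed by a marker byte
JPEG_EOI = b"\xff\xd9"       # End Of Image


def _png_chunk(tag, data):
    body = tag + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def make_png(width, height):
    """Constructed sample: a minimal valid PNG (8-bit RGB, all-black pixels)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x00\x00\x00" * width for _ in range(height))
    return (PNG_MAGIC + _png_chunk(b"IHDR", ihdr)
            + _png_chunk(b"IDAT", zlib.compress(raw)) + _png_chunk(b"IEND", b""))


def make_jpeg(payload_len):
    """Constructed sample: SOI + APP0/JFIF segment + filler + EOI (enough structure to carve)."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return JPEG_SOI + b"\xe0" + struct.pack(">H", len(app0) + 2) + app0 + b"\x11" * payload_len + JPEG_EOI


def _png_length(image, start):
    """Walk PNG chunks from a header at `start`; return the file length, or None if malformed."""
    pos = start + len(PNG_MAGIC)
    while pos + 8 <= len(image):
        length, tag = struct.unpack(">I4s", image[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(image):
            return None                       # truncated
        body = image[pos + 4:pos + 8 + length]
        (crc,) = struct.unpack(">I", image[pos + 8 + length:end])
        if zlib.crc32(body) & 0xFFFFFFFF != crc:
            return None                       # overwritten chunk: do not carve garbage
        pos = end
        if tag == b"IEND":
            return pos - start
    return None


def carve(image):
    """Signature-based carving: list of (offset, kind, data) for intact files in `image`."""
    found = []
    pos = 0
    while pos < len(image):
        p = image.find(PNG_MAGIC, pos)
        j = image.find(JPEG_SOI, pos)
        candidates = [c for c in (p, j) if c != -1]
        if not candidates:
            break
        off = min(candidates)
        if off == p:
            n = _png_length(image, off)
            if n:
                found.append((off, "png", image[off:off + n]))
                pos = off + n
                continue
        else:
            # Naive JPEG end detection: first EOI after SOI. Embedded thumbnails also
            # carry an EOI, so a real carver parses the marker segments instead.
            eoi = image.find(JPEG_EOI, off + len(JPEG_SOI))
            if eoi != -1:
                n = eoi + len(JPEG_EOI) - off
                found.append((off, "jpeg", image[off:off + n]))
                pos = off + n
                continue
        pos = off + 1                         # false positive or truncated file: keep scanning
    return found


# Constructed "unallocated space": filler that contains none of the signatures,
# with the two deleted files still sitting between filler regions.
FILLER = bytes(range(256)) * 4                # 1024 bytes
SAMPLE_PNG = make_png(4, 2)
SAMPLE_JPEG = make_jpeg(64)
DISK_IMAGE = FILLER + SAMPLE_PNG + FILLER[:300] + SAMPLE_JPEG + FILLER[:700]

if __name__ == "__main__":
    for off, kind, data in carve(DISK_IMAGE):
        print(f"{kind} recovered at offset {off}, {len(data)} bytes")
```

Byte-by-byte scanning is used here for clarity; production carvers usually scan at sector or cluster boundaries and handle fragmented files, which this example does not.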

OTHER TIPS

I think the lines are a little more blurred than most realize. Digital forensics goes after the artifacts to prove certain activity has taken place. Very few software packages offer documentation on the files that are created by that application. Basically, reverse engineering is required to figure out what the artifacts are, but not all forensic examiners are required to do the actual reverse engineering part.

Both are very, very different.

Reverse Engineering is a process of deconstructing how a system behaves without its engineering documents.

It has many purposes: replicating or exploiting a system or merely to make a compatible product that works with a system. It may involve software tools (IDA Pro), in-circuit emulators, soldering irons, etc. One neat example is that it's possible to de-pot a chip using nitric acid https://www.youtube.com/watch?v=mT1FStxAVz4 and then place the chip under a microscope to possibly determine some of its structure and behavior. (IANAL, IANAC: Don't attempt without chemistry knowledge and lab safety.)

Digital Forensics is looking to see what people or systems may have done by examining compute, network and storage devices for evidence.

It is mostly used by persons defending systems, such as system administrators or law enforcement, to determine who/what/how a potential crime occurred. This can be automated (Snort, Tripwire) or manual (searching logs, say in Splunk or Loggly, or searching raw disk snapshots for particular strings).

They're very, very different things! Digital Forensics is used to retrieve deleted artifacts, logging, a dd image; you can see it like viewing the big picture.

Reversing is the opposite: it's digging into code down to its binaries and understanding 100% what it does.

If you'd like to enter this field I recommend reading the Practical Malware Analysis book.

Digital forensics is the practice of retrieving information from digital media (computers, phones & tablets, networks) via a number of means. Normally for law enforcement, though it can be for private organisations and other parties; especially in the rising field of e-discovery.

Reverse engineering is looking at the code or binary of a file/system and determining how it is structured and how it works.

These are two completely different sciences. But if you think about it, they go hand in hand. Digital forensics needs reverse engineering to determine what information is available in the files they analyse and how that information is stored. Any good digital forensics company will have an R&D department that will allow them to do this in house.
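The point made in the last two answers, that an examiner has to reverse engineer an undocumented artifact format before the forensic question ("when did this user visit which URL?") can be answered, is easy to show in code. The block below is an added example, not code from any answer on this page, and the artifact format in it is hypothetical and constructed for the example: a little-endian "HIST" file holding records of a Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC, a real encoding that many applications use) followed by a length-prefixed UTF-16LE URL. The example also shows why the "search the raw disk for strings" approach from an earlier answer finds nothing here: UTF-16 text never forms an ASCII run of more than one byte.

```python
import re
import struct
from datetime import datetime, timedelta, timezone

# Hypothetical artifact layout (constructed for this example, not a real application's file):
#   b"HIST" | uint32 record count | records of: uint64 FILETIME | uint16 byte length | UTF-16LE URL
MAGIC = b"HIST"
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> timezone-aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def build_history(entries):
    """Constructed writer, standing in for the undocumented application."""
    out = bytearray(MAGIC + struct.pack("<I", len(entries)))
    for dt, url in entries:
        enc = url.encode("utf-16-le")
        out += struct.pack("<QH", datetime_to_filetime(dt), len(enc)) + enc
    return bytes(out)


def parse_history(blob):
    """The parser the examiner writes once the layout has been worked out from hex dumps."""
    if blob[:4] != MAGIC:
        raise ValueError("not a HIST artifact")
    (count,) = struct.unpack_from("<I", blob, 4)
    pos = 8
    records = []
    for _ in range(count):
        if pos + 10 > len(blob):
            raise ValueError(f"truncated record header at offset {pos}")
        ft, ulen = struct.unpack_from("<QH", blob, pos)
        pos += 10
        raw = blob[pos:pos + ulen]
        if len(raw) != ulen:
            raise ValueError(f"truncated URL at offset {pos}")
        pos += ulen
        records.append((filetime_to_datetime(ft), raw.decode("utf-16-le")))
    return records


def ascii_strings(blob, min_len=4):
    """What a strings-style scan of the raw bytes would return."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)


# Constructed sample data.
SAMPLE_ENTRIES = [
    (datetime(2023, 5, 17, 14, 3, 9, 250000, tzinfo=timezone.utc), "https://example.com/login?u=alice"),
    (datetime(2024, 1, 2, 3, 4, 5, tzinfo=timezone.utc), "https://intranet.example/report.pdf"),
]
HISTORY_BLOB = build_history(SAMPLE_ENTRIES)

if __name__ == "__main__":
    print("ASCII strings in raw artifact:", ascii_strings(HISTORY_BLOB))
    for when, url in parse_history(HISTORY_BLOB):
        print(when.isoformat(), url)
```

The timestamp conversion is the part most often got wrong in practice (wrong epoch, or treating the value as seconds), so it is worth checking against a known anchor such as the Unix epoch, which is FILETIME 116444736000000000.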

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow