Golang for DFIR
One of my goals for this year was getting comfortable with a new programming language. I’ve been a Python devotee for a long time and it’s almost always gets the job done, but I wanted a little bit more. There are times Python works against you: Dependency Nightmares: While virtualenv and a requirements.txt file work ok for developers it can often make use by non-developers or some deployment stories quite complicated. Speed & Scale: This is a funny one. 99% of the time Python is more than fast enough and scales widely enough. Except when it doesn’t. Chewing through a few hundred megabytes of logs? No big deal. Gigabytes or terabytes? Not so much. Hundreds of network connections? Sure. Hundreds of thousands or millions? You might need something more. Discipline: Python is easy. Almost too easy sometimes. It lets you cut corners, it takes care of a lot in the background. It’s a great language for getting things done but sometimes I want to learn/control/understand more. Beyond that sometimes I want software that’s more than functional, I want it to be engineered. More structure, more safety, etc. Working for company made up of largely developers there’s always talk about new development tools and languages. Rust and Golang have been hotly discussed in these circles (along with Erlang/Elixer/Node). I was considering both until I had a discussion at ArchCon with Liam Randall who effused about how great Golang had been for his organization. Good enough for Liam is good enough for me, so I dove in. ...