Derric: finding more digital forensic evidence in a faster way

Derric is a domain-specific language (DSL) created to simplify and speed up the development of file format validators, i.e. software components being able to identify the type of a file or data structure. These validators are typically used in automated digital forensics tools, such as file carvers, to recover deleted, damaged or scrambled files based on their remaining contents on digital media such as hard-disks, USB sticks and mobile phones.

Derric is written in Rascal, a general metaprogramming language also produced by the Software Analysis and Transformation (SWAT) group. The software allows digital forensic investigation specialists to find more evidence a lot faster, leading to better detective work. It is currently being used in actual forensic cases at the Netherlands Forensic Institute (NFI).