My entire career has been driven by automation. I learned early on that automating repetitive tasks using simple scripts allowed me more time to focus on exciting challenges. If I did anything more than twice, I would ask myself if I could automate at least a portion of the process.

This approach has benefited me across different job roles, operating systems and programming languages. The pursuit of automation has often driven me to learn as I sought the best way to solve a problem.

Here’s how embracing automation can make life easier and become a tool for solving problems you didn’t even know you had.

Automation is a help, not a hindrance

It has always fascinated me to encounter people who consider automation too much effort, or even a threat to their livelihood. I have found the opposite to be true. For me, the benefits of automation are many. Here are a few of them:

  • Quicker and more consistent results. A script will always do the same thing in the same way, while humans may not. This cuts both ways: a script may simply fail on an unexpected error condition where a person would find a way around it. For tasks whose input data is well understood and whose anomalies have been handled, however, an automation script is an excellent way to ensure consistent results and free the analyst for other tasks.
  • Repeatable and thorough processes. As mentioned above, scripts do the same thing in the same way. This ensures that nothing gets forgotten in the process and the script will have repeatable results each time it is run.
  • Reduced reliance on esoteric knowledge. Each person has a different journey in their professional growth. A well-written automation script encodes the specific knowledge that not every analyst has, so the script performs the functions that would otherwise require it. As a result, the user can focus on analysis rather than on learning obscure requirements.
  • Verifiable results through transparent methods. When producing answers to questions, someone will invariably ask how they can be sure the results are accurate. This can be addressed by reviewing the script, its logic and its record of accurate results. Unlike a human analyst, a script has no “skill” or “training” to assess, since how it functions is evident in its code.
  • Efficiency through practical approaches. Scripts are typically created to solve a problem quickly. This inherent quality helps to ensure that the script is both practical and designed to save time. This will be true even if the script itself is not “perfect”.

A tool for refining processes

There is little question that automation has had a dramatic impact on organizations. But I have realized that its benefits can be even more dramatic for the people who create it.

Automation often starts as a simple script to solve a pressing problem by tying multiple manual actions together. These scripts can stay in that state, providing a quicker way to accomplish mundane, repetitive tasks.

However, if thought is given to the process that the script is designed to automate, it can evolve into something more. The automation process will often uncover additional areas where further automation can improve usability and results. After repeated use, something very interesting can happen.

If the creator of the script is also the user, they will begin to think differently about the problem. The small act of creating a simple script allows the creator to consider new solutions to more complex issues. In other words, as the script improves, the creator continues learning more about the problem and developing additional creative solutions.

My journey with automation

Over 10 years ago, I wrote a simple forensic collection batch file. I designed it to automate the manual commands I would use to collect data of forensic value on malware-infected computers. As I used the script, I learned more about forensic collection and eventually outgrew the capabilities of that batch file. I needed a more complex collection program to do what I wanted. Since nothing existed to do what I wanted, I wrote my own forensic collection program in C. When new challenges arose, I would add functionality to the software to address them. As the program improved, I learned more. As I learned more, the software improved.

During that time, I also considered ways to parse the collected data into a report that would allow me to find answers more quickly. This prompted me to create a reporting program that could read the collected data and produce a quick view of the machine to identify suspicious behavior faster.

As I encountered more investigations across multiple platforms, I converted the collection program to run on multiple platforms by porting it to the Go language, which I had never used before. This allowed me to use the same collection processes across multiple platforms — a concept I would never have considered if I had not taken the previous automation steps.

After creating the collection and reporting programs, I realized that automating the collection data processing, running the reporting program and running additional forensic analysis tools on the data could further maximize my time and improve my results. This led me to create a fully automated pipeline for ingesting and reporting forensic artifacts and telemetry.

The truly amazing part was that creating the automation pipeline was fairly simple. I had already built the components, and integrating the collection, processing and reporting components into an automated pipeline took very little time and effort.
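As an added illustration (not the author's tooling, and not code from the original post), here is a minimal three-stage pipeline of the shape described above, in Python: a collection stage, a processing stage that normalizes the collected data, and a reporting stage that applies triage rules to surface suspicious behaviour. Everything in it is constructed for the example: the host artifacts, the triage rules, and the allowlisted OneDrive autorun path. A real collector would run host commands in place of the embedded sample.

```python
"""Collect -> process -> report: a minimal forensic triage pipeline.
Added example, not the author's tooling. The collection stage returns a
constructed sample instead of running host commands, so it runs offline."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

# Constructed sample of what a collector might capture from one host.
RAW_COLLECTION = json.dumps({
    "host": "ws-042",
    "processes": [
        {"pid": 4, "name": "System", "path": "", "parent": 0},
        {"pid": 812, "name": "svchost.exe",
         "path": "C:\\Windows\\System32\\svchost.exe", "parent": 640},
        {"pid": 3100, "name": "WINWORD.EXE",
         "path": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
         "parent": 1800},
        {"pid": 3320, "name": "svchost.exe",
         "path": "C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe", "parent": 3100},
        {"pid": 3302, "name": "powershell.exe",
         "path": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
         "parent": 3100, "cmdline": "powershell -NoP -W Hidden -enc SQBFAFgA..."},
    ],
    "autoruns": [
        {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "name": "OneDrive",
         "image": "C:\\Users\\bob\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"},
        {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "name": "Updater",
         "image": "C:\\Users\\bob\\AppData\\Roaming\\upd.exe"},
    ],
})

# Illustrative triage rules (assumptions for the example, not a real rule set).
SYSTEM_DIR = "c:\\windows\\system32\\"
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENCODED_FLAGS = {"-e", "-ec", "-enc", "-encodedcommand"}
USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp|downloads|public)\\")
# Known-good software that autoruns from a user-writable path. Without this
# allowlist the autorun rule would fire on every host: the anomaly has to be
# addressed before the script can give consistent results.
ALLOWED_USER_AUTORUNS = ("\\appdata\\local\\microsoft\\onedrive\\",)


@dataclass
class Finding:
    category: str
    detail: str


def collect() -> str:
    """Stage 1. A real collector would run the host commands and serialize
    their output; here it returns the embedded sample."""
    return RAW_COLLECTION


def process(raw: str) -> dict:
    """Stage 2. Parse and normalize: lower-case names and paths so rules are
    case-insensitive, and index processes by pid for parent/child lookups."""
    data = json.loads(raw)
    procs = {}
    for p in data["processes"]:
        procs[p["pid"]] = {"pid": p["pid"], "name": p["name"].lower(),
                           "path": p.get("path", "").lower(),
                           "parent": p.get("parent"), "cmdline": p.get("cmdline", "")}
    autoruns = [{"name": a["name"], "key": a["key"], "image": a["image"].lower()}
                for a in data.get("autoruns", [])]
    return {"host": data["host"], "processes": procs, "autoruns": autoruns}


def report(normalized: dict) -> list[Finding]:
    """Stage 3. Apply the triage rules and return the findings."""
    findings: list[Finding] = []
    procs = normalized["processes"]
    for p in procs.values():
        # Core system binary running from anywhere but System32: masquerade.
        if p["name"] in SYSTEM_NAMES and p["path"] and not p["path"].startswith(SYSTEM_DIR):
            findings.append(Finding("masquerade", f"pid {p['pid']} {p['name']} running from {p['path']}"))
        # Office application spawning a shell or scripting host.
        parent = procs.get(p["parent"])
        if parent and parent["name"] in OFFICE_APPS and p["name"] in SHELLS:
            findings.append(Finding("office-spawns-shell",
                                    f"pid {parent['pid']} {parent['name']} -> pid {p['pid']} {p['name']}"))
        # Encoded PowerShell command line.
        if p["name"] == "powershell.exe" and any(t.lower() in ENCODED_FLAGS for t in p["cmdline"].split()):
            findings.append(Finding("encoded-powershell", f"pid {p['pid']}: {p['cmdline']}"))
    for a in normalized["autoruns"]:
        # Autorun image in a user-writable directory, minus the allowlist.
        if USER_WRITABLE.search(a["image"]) and not any(ok in a["image"] for ok in ALLOWED_USER_AUTORUNS):
            findings.append(Finding("autorun-user-writable", f"{a['key']}\\{a['name']} -> {a['image']}"))
    return findings


def run_pipeline() -> list[Finding]:
    """The three stages chained end to end."""
    return report(process(collect()))


if __name__ == "__main__":
    for f in run_pipeline():
        print(f"[{f.category}] {f.detail}")
```

Each stage has one input and one output, which is what makes the later integration cheap: the collector can be swapped for one that runs real host commands, and new rules or a new report format slot into `report` without touching the other two stages.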

My automated forensic processing pipeline would not exist without that original, simple collection batch script. At each step, I saw a need I had not seen before. This process encouraged me to learn more about operating systems and their internal workings and learn additional programming languages and design methods for analysis that I would not have considered otherwise.

Overall, creating automation has improved my analysis and forced me to learn more than I would have otherwise.

Revitalize your creativity and innovation

While the original script is developed to solve one problem, the real benefit comes when it evolves to tackle increasingly complex problems that were not previously considered. This process encourages further creativity and innovation: out of a simple script, a complete solution to problems that were previously unknown or unconsidered can come into focus.

For this reason, practitioners should be encouraged to automate solutions to their problems and to keep developing those solutions even after the initial issue is resolved. Doing so encourages creativity and innovation, and drives the organization forward to address problems that are still waiting for elegant solutions.
