Introducing the Struct module
The struct module is a standard Python library and is incredibly useful. The struct library is used to convert C structures to or from binary data. Full documentation of this module can be found at http://docs.python.org/2/library/struct.html.
For forensic purposes, the most important function in the struct module is the unpack() method. This method takes a format string representing the objects to be extracted from the binary data. It is important that the size dictated by the format string correlates to the size of the binary data supplied to the method.
The format string dictates what kind of data is in the binary object and how it should be interpreted. If we do not correctly identify the types of data or try to ...
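The following is an added example, not code from the book: it unpacks one 16-byte MBR partition table entry with unpack(), checks the input length against the size the format string dictates, and shows how a wrong byte-order character yields a wrong value. The function names and the sample bytes are constructed for illustration.

```python
import struct

# One MBR partition table entry: status, CHS start, type, CHS end,
# starting LBA, sector count. "<" means little-endian with no padding.
ENTRY_FORMAT = "<B3sB3sII"
ENTRY_SIZE = struct.calcsize(ENTRY_FORMAT)  # size the format string dictates

# Constructed sample entry (not taken from a real disk image):
# bootable, type 0x07, starts at LBA 2048, 204800 sectors long.
SAMPLE_ENTRY = bytes.fromhex(
    "80" "202100" "07" "fe3f0c" "00080000" "00200300")


def parse_partition_entry(raw):
    """Unpack one entry, refusing input whose size does not match the format."""
    if len(raw) != ENTRY_SIZE:
        raise ValueError("expected %d bytes, got %d" % (ENTRY_SIZE, len(raw)))
    status, _chs_start, ptype, _chs_end, lba, sectors = struct.unpack(
        ENTRY_FORMAT, raw)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "start_lba": lba,
        "sectors": sectors,
    }


def misread_start_lba(raw):
    """Same bytes, wrong byte order: unpack() succeeds but the value is wrong."""
    return struct.unpack(">B3sB3sII", raw)[4]


if __name__ == "__main__":
    print(parse_partition_entry(SAMPLE_ENTRY))
    print("big-endian misread of start LBA:", misread_start_lba(SAMPLE_ENTRY))
    try:
        # unpack() itself rejects data shorter than the format requires.
        struct.unpack(ENTRY_FORMAT, SAMPLE_ENTRY[:15])
    except struct.error as exc:
        print("struct.error:", exc)
```

A size mismatch is reported as an error, but a wrong type or byte-order choice is silent, so results should be checked against a known value.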