Book description
Design, develop, and deploy innovative forensic solutions using Python
Key Features
- Discover how to develop Python scripts for effective digital forensic analysis
- Master the skills of parsing complex data structures with Python libraries
- Solve forensic challenges through the development of practical Python scripts
Book Description
Digital forensics plays an integral role in solving complex cybercrimes and helping organizations make sense of cybersecurity incidents. This second edition of Learning Python for Forensics illustrates how Python can be used to support these digital investigations and permits the examiner to automate the parsing of forensic artifacts to spend more time examining actionable data.
The second edition of Learning Python for Forensics will illustrate how to develop Python scripts using an iterative design. Further, it demonstrates how to leverage the various built-in and community-sourced forensics scripts and libraries available for Python today. This book will help strengthen your analysis skills and efficiency as you creatively solve real-world problems through instruction-based tutorials.
By the end of this book, you will build a collection of Python scripts capable of investigating an array of forensic artifacts and master the skills of extracting metadata and parsing complex data structures into actionable reports. Most importantly, you will have developed a foundation upon which to build as you continue to learn Python and enhance your efficacy as an investigator.
What you will learn
- Learn how to develop Python scripts to solve complex forensic problems
- Build scripts using an iterative design
- Design code to accommodate present and future hurdles
- Leverage built-in and community-sourced libraries
- Understand the best practices in forensic programming
- Learn how to transform raw data into customized reports and visualizations
- Create forensic frameworks to automate analysis of multiple forensic artifacts
- Conduct effective and efficient investigations through programmatic processing
Who this book is for
If you are a forensics student, hobbyist, or professional seeking to increase your understanding in forensics through the use of a programming language, then Learning Python for Forensics is for you. You are not required to have previous experience in programming to learn and master the content within this book. This material, created by forensic professionals, was written with a unique perspective and understanding for examiners who wish to learn programming.
Table of contents
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- Now for Something Completely Different
- Python Fundamentals
- Parsing Text Files
- Working with Serialized Data Structures
- Databases in Python
- An overview of databases
- Designing our script
- Manually manipulating databases with Python – file_lister.py
- Building the main() function
- Initializing the database with the init_db() function
- Checking for custodians with the get_or_add_custodian() function
- Retrieving custodians with the get_custodian() function
- Understanding the ingest_directory() function
- Developing the format_timestamp() helper function
- Configuring the write_output() function
- Designing the write_csv() function
- Composing the write_html() function
- Running the script
- Automating databases further – file_lister_peewee.py
- Peewee setup
- Jinja2 setup
- Updating the main() function
- Adjusting the init_db() function
- Modifying the get_or_add_custodian() function
- Improving the ingest_directory() function
- A closer look at the format_timestamp() function
- Converting the write_output() function
- Simplifying the write_csv() function
- Condensing the write_html() function
- Running our new and improved script
- Challenge
- Summary
- Extracting Artifacts from Binary Files
- UserAssist
- Working with the yarp library
- Introducing the struct module
- Creating spreadsheets with the xlsxwriter module
- The UserAssist framework
- Developing our UserAssist logic processor – userassist_parser.py
- Writing Excel spreadsheets – xlsx_writer.py
- Controlling output with the excel_writer() function
- Summarizing data with the dashboard_writer() function
- Writing artifacts in the userassist_writer() function
- Defining the file_time() function
- Processing integers with the sort_by_count() function
- Processing datetime objects with the sort_by_date() function
- Writing generic spreadsheets – csv_writer.py
- Running the UserAssist framework
- Challenge
- Summary
- Fuzzy Hashing
- The Media Age
- Creating frameworks in Python
- Introduction to EXIF metadata
- Introduction to ID3 metadata
- Introduction to Office metadata
- The Metadata_Parser framework overview
- Parsing EXIF metadata – exif_parser.py
- Parsing ID3 metadata – id3_parser.py
- Parsing Office metadata – office_parser.py
- Moving on to our writers
- Framework summary
- Additional challenges
- Summary
- Uncovering Time
- About timestamps
- Using a GUI
- Developing the date decoder GUI – date_decoder.py
- The DateDecoder class setup and __init__() method
- Executing the run() method
- Implementing the build_input_frame() method
- Creating the build_output_frame() method
- Building the convert() method
- Defining the convert_unix_seconds() method
- Conversion using the convert_win_filetime_64() method
- Converting with the convert_chrome_time() method
- Designing the output method
- Running the script
- Additional challenges
- Summary
- Rapidly Triaging Systems
- Understanding the value of system information
- Rapidly triaging systems – pysysinfo.py
- Understanding the get_process_info() function
- Learning about the get_pid_details() function
- Extracting process connection properties with the read_proc_connections() function
- Obtaining more process information with the read_proc_files() function
- Extracting Windows system information with the wmi_info() function
- Writing our results with the csv_writer() function
- Executing pysysinfo.py
- Challenges
- Summary
- Parsing Outlook PST Containers
- The PST file format
- An introduction to libpff
- Exploring PSTs – pst_indexer.py
- An overview
- Developing the main() function
- Evaluating the make_path() helper function
- Iteration with the folder_traverse() function
- Identifying messages with the check_for_msgs() function
- Processing messages in the process_msg() function
- Summarizing data in the folder_report() function
- Understanding the word_stats() function
- Creating the word_report() function
- Building the sender_report() function
- Refining the heat map with the date_report() function
- Writing the html_report() function
- The HTML template
- Running the script
- Additional challenges
- Summary
- Recovering Transient Database Records
- SQLite WAL files
- Regular expressions in Python
- TQDM – a simpler progress bar
- Parsing WAL files – wal_crawler.py
- Understanding the main() function
- Developing the frame_parser() function
- Processing cells with the cell_parser() function
- Writing the dict_helper() function
- Processing varints with the single_varint() function
- Processing varints with the multi_varint() function
- Converting serial types with the type_helper() function
- Writing output with the csv_writer() function
- Using regular expressions in the regular_search() function
- Executing wal_crawler.py
- Challenge
- Summary
- Coming Full Circle
- Other Books You May Enjoy
Product information
- Title: Learning Python for Forensics - Second Edition
- Author(s):
- Release date: January 2019
- Publisher(s): Packt Publishing
- ISBN: 9781789341690