Chapter 12: Python Tools for Forensics Analysis

From the point of view of forensic and security analysis, Python can help us with tasks related to extracting information from memory dumps, SQLite databases, and the Windows registry.

This chapter covers the primary tools available in Python for extracting information from memory and SQLite databases, performing network forensics with PcapXray, getting information from the Windows registry, and using the logging module to record log messages and debug Python scripts.

The following topics will be covered in this chapter:

  • Volatility framework for extracting data from memory and disk images
  • Connecting and analyzing SQLite databases
  • Network forensics with PcapXray
  • Getting information ...

Get Mastering Python for Networking and Security - Second Edition now with the O’Reilly learning platform.
