Chapter 12: Python Tools for Forensics Analysis

From the point of view of forensic and security analysis, Python can help with tasks related to extracting information from memory dumps, SQLite databases, and the Windows registry.

This chapter covers the primary Python tools for extracting information from memory and SQLite databases, performing network forensics with PcapXray, getting information from the Windows registry, and using the logging module to record log messages and debug Python scripts.

The following topics will be covered in this chapter:

  • Volatility framework for extracting data from memory and disk images
  • Connecting and analyzing SQLite databases
  • Network forensics with PcapXray
  • Getting information ...

Get Mastering Python for Networking and Security - Second Edition now with O’Reilly online learning.
