Book Description
Over 60 recipes to help you learn digital forensics and leverage Python scripts to amplify your examinations
About This Book
- Develop code that extracts vital information from everyday forensic acquisitions.
- Increase the quality and efficiency of your forensic analysis.
- Leverage the latest resources and capabilities available to the forensic community.
Who This Book Is For
If you are a digital forensics examiner, cyber security specialist, or analyst at heart, understand the basics of Python, and want to take it to the next level, this is the book for you. Along the way, you will be introduced to a number of libraries suitable for parsing forensic artifacts. Readers will be able to use and build upon the scripts we develop to elevate their analysis.
What You Will Learn
- Understand how Python can enhance digital forensics and investigations
- Learn to access the contents of, and process, forensic evidence containers
- Explore malware through automated static analysis
- Extract and review message contents from a variety of email formats
- Add depth and context to discovered IP addresses and domains through various Application Program Interfaces (APIs)
- Delve into mobile forensics and recover deleted messages from SQLite databases
- Index large logs into a platform to better query and visualize datasets
In Detail
Technology plays an increasingly large role in our daily lives and shows no sign of stopping. Now, more than ever, it is paramount that an investigator develops programming expertise to deal with increasingly large datasets.
By leveraging the Python recipes explored throughout this book, we make the complex simple, quickly extracting relevant information from large datasets. You will explore, develop, and deploy Python code and libraries to provide meaningful results that can be immediately applied to your investigations. Throughout the Python Digital Forensics Cookbook, recipes include topics such as working with forensic evidence containers, parsing mobile and desktop operating system artifacts, extracting embedded metadata from documents and executables, and identifying indicators of compromise. You will also learn to integrate scripts with Application Program Interfaces (APIs) such as VirusTotal and PassiveTotal, and tools such as Axiom, Cellebrite, and EnCase.
By the end of the book, you will have a sound understanding of Python and how you can use it to process artifacts in your investigations.
Style and approach
Our succinct recipes take a no-frills approach to solving common challenges faced in investigations. The code in this book covers a wide range of artifacts and data sources. These examples will help improve the accuracy and efficiency of your analysis—no matter the situation.
Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.
Table of Contents
- Preface
- Essential Scripting and File Information Recipes
- Creating Artifact Report Recipes
- A Deep Dive into Mobile Forensic Recipes
- Extracting Embedded Metadata Recipes
- Networking and Indicators of Compromise Recipes
- Reading Emails and Taking Names Recipes
- Log-Based Artifact Recipes
- Working with Forensic Evidence Container Recipes
- Exploring Windows Forensic Artifacts Recipes - Part I
- Exploring Windows Forensic Artifacts Recipes - Part II