book

Python Forensics

Name: Python Forensics
Author: Chet Hosmer
ISBN: 9780124186835

by Chet Hosmer

May 2014

Intermediate to advanced

352 pages

7h 40m

English

Syngress

Read now

Unlock full access

Cover image
Title page
Table of Contents
Copyright
Dedication
Acknowledgments
Endorsements
List of figures
About the Author
About the Technical Editor

Foreword
Preface
Intended audiencePrerequisitesReading this bookSupported platformsDownload softwareComments, questions, and contributions
Chapter 1: Why Python Forensics?
AbstractIntroductionCybercrime investigation challengesHow can the Python programming environment help meet these challenges?Python and the Daubert evidence standardOrganization of the bookChapter reviewSummary questions
Chapter 2: Setting up a Python Forensics Environment
AbstractIntroductionSetting up a python forensics environmentThe right environmentChoosing a python versionInstalling python on windowsPython packages and modulesWhat is included in the standard library?Third-party packages and modulesIntegrated development environmentsPython on mobile devicesA virtual machineChapter reviewSummary questionsLooking ahead
Chapter 3: Our First Python Forensics App
AbstractIntroductionNaming conventions and other considerationsOur first application “one-way file system hashing”Code walk-throughResults presentationChapter reviewSummary questionsLooking ahead
Chapter 4: Forensic Searching and Indexing Using Python
AbstractIntroductionKeyword context searchCode walk-throughResults presentationIndexingCoding isWordProbablep-search complete code listingsChapter reviewSummary questions
Chapter 5: Forensic Evidence Extraction (JPEG and TIFF)
AbstractIntroductionCode Walk-ThroughChapter reviewSummary questions
Chapter 6: Forensic Time
AbstractIntroductionAdding time to the equationThe time moduleThe Network Time ProtocolObtaining and installing the NTP Library ntplibWorld NTP ServersNTP Client Setup ScriptChapter reviewSummary questions
Chapter 7: Using Natural Language Tools in Forensics
AbstractWhat is Natural Language Processing?Installing the Natural Language Toolkit and associated librariesWorking with a corpusExperimenting with NLTKCreating a corpus from the InternetNLTKQuery applicationChapter reviewSummary questions
Chapter 8: Network Forensics: Part I
AbstractNetwork investigation basicsCaptain Ramius: re-verify our range to target… one ping onlyPort scanningChapter reviewSummary questions
Chapter 9: Network Forensics: Part II
AbstractIntroductionPacket sniffingRaw sockets in PythonPython Silent Network Mapping Tool (PSNMT)PSNMT source codeProgram execution and outputChapter reviewSummary question/challenge
Chapter 10: Multiprocessing for Forensics
AbstractIntroductionWhat is multiprocessing?Python multiprocessing supportSimplest multiprocessing exampleMultiprocessing File HashMultiprocessing Hash Table generationChapter reviewSummary question/challenge
Chapter 11: Rainbow in the Cloud
AbstractIntroductionPutting the cloud to workCloud optionsCreating rainbows in the cloudPassword Generation CalculationsChapter reviewSummary question/challenge
Chapter 12: Looking Ahead
AbstractIntroductionWhere do we go from here?Conclusion
Index

Overview

Python Forensics provides many never-before-published proven forensic modules, libraries, and solutions that can be used right out of the box. In addition, detailed instruction and documentation provided with the code samples will allow even novice Python programmers to add their own unique twists or use the models presented to build new solutions.

Rapid development of new cybercrime investigation tools is an essential ingredient in virtually every case and environment. Whether you are performing post-mortem investigation, executing live triage, extracting evidence from mobile devices or cloud services, or you are collecting and processing evidence from a network, Python forensic implementations can fill in the gaps.

Drawing upon years of practical experience and using numerous examples and illustrative code samples, author Chet Hosmer discusses how to:

Develop new forensic solutions independent of large vendor software release schedules
Participate in an open-source workbench that facilitates direct involvement in the design and implementation of new methods that augment or replace existing tools
Advance your career by creating new solutions along with the construction of cutting-edge automation solutions to solve old problems

Provides hands-on tools, code samples, and detailed instruction and documentation that can be put to use immediately
Discusses how to create a Python forensics workbench
Covers effective forensic searching and indexing using Python
Shows how to use Python to examine mobile device operating systems: iOS, Android, and Windows 8
Presents complete coverage of how to use Python scripts for network investigation

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780124186767

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills