Getting started

Before we get started, it is necessary that you install Python on your machine. Please refer to Appendix A, Installing Python for instructions. Additionally, we recommend using an Integrated Development Environment, IDE, such as JetBrain's PyCharm. An IDE will highlight errors and offer suggestions that help streamline the development process and promote best practices when writing a code. If the installation of an IDE is not available, a simple text editor will work. We recommend an application such as Notepad++, Sublime Text, or Atom Text Editor. For those who are command line orientated, an editor such as Vim or Nano will work as well.

With Python installed, let's open the interactive prompt by typing python into your Command Prompt or terminal. We will begin by introducing some built-in functions to be used in troubleshooting. The first line of defense when confused by any object or function discussed in this book, or found in the wild, are the type(), dir(), and help() built-in functions. We realized that we have not yet introduced the common data types and so the following code might appear confusing. However, that is exactly the point of this exercise. During development, you will encounter data types you are unfamiliar with or what methods exist to interact with the object. These three functions help solve those issues. We will introduce the fundamental data types later in this chapter.

The type() function, when supplied with an object, will return its __name__ attribute, thus providing the type identifying information about the object. The dir() function, when supplied with a string representing the name of an object, will return its attributes showing all the available options of functions and parameters belonging to the object. The help() function can be used to display the specifics of these methods through its docstrings. Docstrings are nothing more than descriptions of a function that detail the inputs, outputs, and how to use the function.

Let's look at the str, or string, object as an example of these three functions. In the following example, passing a string of characters surrounded by single quotes to the type() function results in a type of str, or string. When we give examples where our typed input follows the >>> symbol, it indicates that you should type these statements in the Python interactive prompt. The Python interactive prompt can be accessed by typing python in the Command Prompt. Please refer to Appendix A, Installing Python if you receive an error while trying to access the interactive prompt:

>>> type('what am I?')
<type 'str'>

If we pass in an object to the dir() function, such as str, we can see its methods and attributes. Let's say that we then want to know what one of these functions, title(), does. We can use the help function to specify the object and its function as the input. The output of the help function tells us that no input is required, the output is a string object, and that the function capitalized the first character of every word. Let's use the title method on the 'what am I?' string:

>>> dir(str)
['__add__', '__class__', '__contains__', '__delattr__', '__doc__', '__eq__',
...
'swapcase', 'title', 'translate', 'upper', 'zfill']

>>> help(str.title)
title(...)
S.title() -> string
Return a titlecased version of S, i.e. words start with uppercase characters, all remaining cased characters have lowercase.
>>> 'what am I?'.title()
'What Am I?'

Next, type number = 5; now we have created a variable, called number, that has a value of 5. Using type() on that object indicates that 5 is an int, or integer. Going through the same procedure as earlier, we can see a series of available attributes and functions for the integer object. With the help() function, we check what the __add__() function does for our number object. From the following output, we can see that this function is equivalent to using the + symbol on two values:

>>> number = 5
>>> type(number)
<type 'int'>

>>> dir(number)
>>> ['__abs__', '__add__', __and__', '__class__', '__cmp__', '__coerce__',
'…
'denominator', 'imag', 'numerator', 'real']

>>> help(number.__add__)
__add__(...)
x.__add__(y) <==> x+y

Let's compare the difference between the __add__() function and the + symbol to verify our assumption. Using both methods to add 3 to our number object results in a returned value of 8. Unfortunately, we've broken the best practice rule as illustrated in the following example:

>>> number.__add__(3)
8
>>> number + 3
8

Notice how some methods, such as __add__(), have double leading and trailing underscores. These are referred to as magic methods and they are the methods the Python interpreter calls and they should not be called by the programmer. These magic methods are instead called indirectly by the user. For example, the integer __add__() magic method is called when the + symbol is being used between two numbers. Following the preceding example, you should never run number.__add__(3) instead of number + 3.

Python, just like any other programming language, has a specific syntax. Compared to other common programming languages, Python is like the English language and can be read fairly easily in scripts. This feature has attracted many, including the forensics community, to use this language. Even though Python's language is easy to read, it is not to be underestimated as it is powerful and supports common programming paradigms.

Most programmers start with a simple "Hello World" script, a test that proves that they are able to execute code and print the famous message onto the console window. With Python, the code to print this statement is a single line written on the first line of a file, as shown in the following example:

001 print "Hello World!"

Please do not write the line number (001) in your script. Line numbers are for illustration purposes only and are helpful when we discuss larger code samples and need to reference a particular line. Save this line of code in a file called hello.py. To run this script we call Python and the name of the script. The message "Hello World!" should be displayed in your terminal.