Learning Python for Forensics

Learn the art of designing, developing, and deploying innovative forensic solutions through Python

Preston Miller, Chapin Bryce


Book Details

ISBN-13: 9781783285235
Paperback, 488 pages

Book Description

This book will illustrate how and why you should learn Python to strengthen your analysis skills and efficiency as you creatively solve real-world problems through instruction-based tutorials. The tutorials use an interactive design, giving you experience of the development process so you gain a better understanding of what it means to be a forensic developer.

Each chapter walks you through a forensic artifact and one or more methods to analyze the evidence. It also provides reasons why one method may be advantageous over another. We cover common digital forensics and incident response scenarios, with scripts that can be used to tackle case work in the field. Using built-in and community-sourced libraries, you will improve your problem-solving skills with the addition of the Python scripting language. In addition, we provide resources for further exploration of each script so you can understand what further purposes Python can serve. With this knowledge, you can rapidly develop and deploy solutions to identify critical information and fine-tune your skill set as an examiner.

Table of Contents

Chapter 1: Now For Something Completely Different
When to use Python?
Getting started
Standard data types
Data type conversions
Files
Variables
Understanding scripting flow logic
Functions
Summary
Chapter 2: Python Fundamentals
Advanced data types and functions
Libraries
Classes and object-oriented programming
Try and except
Creating our first script – unix_converter.py
User input
Forensic scripting best practices
Developing our first forensic script – usb_lookup.py
Troubleshooting
Challenge
Summary
Chapter 3: Parsing Text Files
Setup API
Introducing our script
Our first iteration – setupapi_parser.v1.py
Our second iteration – setupapi_parser.v2.py
Our final iteration – setupapi_parser.py
Additional challenges
Summary
Chapter 4: Working with Serialized Data Structures
Serialized data structures
A simple Bitcoin Web API
Our first iteration – bitcoin_address_lookup.v1.py
Our second iteration – bitcoin_address_lookup.v2.py
Mastering our final iteration – bitcoin_address_lookup.py
Summary
Chapter 5: Databases in Python
An overview of databases
Using SQLite3
Designing our script
Manually manipulating databases with Python – file_lister.py
Further automating databases – file_lister_peewee.py
Challenge
Summary
Chapter 6: Extracting Artifacts from Binary Files
UserAssist
Working with the Registry module
Introducing the Struct module
Creating spreadsheets with the xlsxwriter module
The UserAssist framework
Running the UserAssist framework
Additional challenges
Summary
Chapter 7: Fuzzy Hashing
Background on hashing
Using SSDeep in Python – ssdeep_python.py
Additional challenges
Citations
Summary
Chapter 8: The Media Age
Creating frameworks in Python
Introduction to EXIF metadata
Introduction to ID3 metadata
Introduction to Office metadata
Metadata_Parser framework overview
Parsing EXIF metadata – exif_parser.py
Parsing ID3 metadata – id3_parser.py
Parsing Office metadata – office_parser.py
Moving on to our writers
Framework summary
Additional challenges
Summary
Chapter 9: Uncovering Time
About timestamps
Using a GUI
Developing the Date Decoder GUI – date_decoder.py
Additional challenges
Summary
Chapter 10: Did Someone Say Keylogger?
A detailed look at keyloggers
Building a keylogger for Windows
Multiprocessing in Python – simple_multiprocessor.py
Running Python without a command window
Exploring the code
Citations
Additional challenges
Summary
Chapter 11: Parsing Outlook PST Containers
The Personal Storage Table File Format
An introduction to libpff
Exploring PSTs – pst_indexer.py
Running the script
Additional challenges
Summary
Chapter 12: Recovering Transient Database Records
SQLite WAL files
Regular expressions in Python
TQDM – a simpler progress bar
Parsing WAL files – wal_crawler.py
Executing wal_crawler.py
Challenge
Summary
Chapter 13: Coming Full Circle
Frameworks
Colorama
FIGlet
Exploring the framework – framework.py
Summary

What You Will Learn

  • Discover how to perform Python script development
  • Update yourself by learning the best practices in forensic programming
  • Build scripts through an iterative design
  • Explore the rapid development of specialized scripts
  • Understand how to leverage forensic libraries developed by the community
  • Design flexibly to accommodate present and future hurdles
  • Conduct effective and efficient investigations through programmatic pre-analysis
  • Discover how to transform raw data into customized reports and visualizations

