Python Digital Forensics Cookbook

Over 60 recipes to help you learn digital forensics and leverage Python scripts to amplify your examinations
Preston Miller, Chapin Bryce

Book Details

ISBN-13: 9781783987467
Paperback: 412 pages

Book Description

Technology plays an increasingly large role in our daily lives and shows no sign of stopping. Now, more than ever, it is paramount that an investigator develops programming expertise to deal with increasingly large datasets.

By leveraging the Python recipes explored throughout this book, we make the complex simple, quickly extracting relevant information from large datasets. You will explore, develop, and deploy Python code and libraries to provide meaningful results that can be immediately applied to your investigations. Throughout the Python Digital Forensics Cookbook, recipes include topics such as working with forensic evidence containers, parsing mobile and desktop operating system artifacts, extracting embedded metadata from documents and executables, and identifying indicators of compromise. You will also learn to integrate scripts with Application Program Interfaces (APIs) such as VirusTotal and PassiveTotal, and tools such as Axiom, Cellebrite, and EnCase.

By the end of the book, you will have a sound understanding of Python and how you can use it to process artifacts in your investigations.

Table of Contents

Chapter 1: Essential Scripting and File Information Recipes
Introduction
Handling arguments like an adult
Iterating over loose files
Recording file attributes
Copying files, attributes, and timestamps
Hashing files and data streams
Keeping track with a progress bar
Logging results
Multiple hands make light work
Chapter 2: Creating Artifact Report Recipes
Introduction
Using HTML templates
Creating a paper trail
Working with CSVs
Visualizing events with Excel
Auditing your work
Chapter 3: A Deep Dive into Mobile Forensic Recipes
Introduction
Parsing PLIST files
Handling SQLite databases
Identifying gaps in SQLite databases
Processing iTunes backups
Putting Wi-Fi on the map
Digging deep to recover messages
Chapter 4: Extracting Embedded Metadata Recipes
Introduction
Extracting audio and video metadata
The big picture
Mining for PDF metadata
Reviewing executable metadata
Reading office document metadata
Integrating our metadata extractor with EnCase
Chapter 5: Networking and Indicators of Compromise Recipes
Introduction
Getting a jump start with IEF
Coming into contact with IEF
Beautiful Soup
Going hunting for viruses
Gathering intel
Totally passive
Chapter 6: Reading Emails and Taking Names Recipes
Introduction
Parsing EML files
Viewing MSG files
Ordering Takeout
What’s in the box?!
Parsing PST and OST mailboxes
Chapter 7: Log-Based Artifact Recipes
Introduction
About time
Parsing IIS web logs with RegEx
Going spelunking
Interpreting the daily.out log
Adding daily.out parsing to Axiom
Scanning for indicators with YARA
Chapter 8: Working with Forensic Evidence Container Recipes
Introduction
Opening acquisitions
Gathering acquisition and media information
Iterating through files
Processing files within the container
Searching for hashes
Chapter 9: Exploring Windows Forensic Artifacts Recipes - Part I
Introduction
One man's trash is a forensic examiner's treasure
A sticky situation
Reading the registry
Gathering user activity
The missing link
Searching high and low
Chapter 10: Exploring Windows Forensic Artifacts Recipes - Part II
Introduction
Parsing prefetch files
A series of fortunate events
Indexing internet history
Shadow of a former self
Dissecting the SRUM database

What You Will Learn

  • Understand how Python can enhance digital forensics and investigations
  • Learn to access the contents of, and process, forensic evidence containers
  • Explore malware through automated static analysis
  • Extract and review message contents from a variety of email formats
  • Add depth and context to discovered IP addresses and domains through various Application Program Interfaces (APIs)
  • Delve into mobile forensics and recover deleted messages from SQLite databases
  • Index large logs into a platform to better query and visualize datasets
