Python Digital Forensics Cookbook

More Information
Learn
  • Understand how Python can enhance digital forensics and investigations
  • Learn to access the contents of, and process, forensic evidence containers
  • Explore malware through automated static analysis
  • Extract and review message contents from a variety of email formats
  • Add depth and context to discovered IP addresses and domains through various Application Program Interfaces (APIs)
  • Delve into mobile forensics and recover deleted messages from SQLite databases
  • Index large logs into a platform to better query and visualize datasets
About

Technology plays an increasingly large role in our daily lives and shows no sign of stopping. Now, more than ever, it is paramount that an investigator develops programming expertise to deal with increasingly large datasets.

By leveraging the Python recipes explored throughout this book, we make the complex simple, quickly extracting relevant information from large datasets. You will explore, develop, and deploy Python code and libraries to provide meaningful results that can be immediately applied to your investigations. Throughout the Python Digital Forensics Cookbook, recipes include topics such as working with forensic evidence containers, parsing mobile and desktop operating system artifacts, extracting embedded metadata from documents and executables, and identifying indicators of compromise. You will also learn to integrate scripts with Application Program Interfaces (APIs) such as VirusTotal and PassiveTotal, and tools such as Axiom, Cellebrite, and EnCase.

By the end of the book, you will have a sound understanding of Python and how you can use it to process artifacts in your investigations.

Features
  • Develop code that extracts vital information from everyday forensic acquisitions.
  • Increase the quality and efficiency of your forensic analysis.
  • Leverage the latest resources and capabilities available to the forensic community.
Page Count 412
Course Length 12 hours 21 minutes
ISBN 9781783987467
Date Of Publication 25 Sep 2017

Authors

Preston Miller

Preston Miller is a consultant at an internationally recognized risk management firm. Preston holds an undergraduate degree from Vassar College and a master's degree in digital forensics from Marshall University. While at Marshall, Preston unanimously received the prestigious J. Edgar Hoover Foundation's scientific scholarship. Preston is a published author, recently of Python Digital Forensics Cookbook, which won the Forensic 4:cast Digital Forensics Book of the Year award in 2018. Preston is a member of the GIAC advisory board and holds multiple industry-recognized certifications in his field.

Chapin Bryce

Chapin Bryce is a senior consultant at a global firm that is a leader in digital forensics and incident response investigations. After graduating from Champlain College, with a bachelor's degree in computer and digital forensics, Chapin dove into the field of digital forensics and incident response joining the GIAC advisory board and earning four GIAC certifications: GCIH, GCFE, GCFA, and GNFA. As a member of multiple ongoing research and development projects, he has authored several books and articles in professional and academic publications, including Python Digital Forensics Cookbook (2018 Digital Forensics Book of the Year, Forensic 4Cast), Learning Python for Forensics First Edition, and Digital Forensic Magazine.