Summary
In this chapter, we have analyzed tools such as the Volatility Framework, a set of utilities for extracting information from a RAM memory dump; SQLite, an open source SQL database engine; PcapXray, a network forensic tool for visualizing a packet capture offline; and the logging module, used for debugging and recording the information that a script is processing.
After practicing with the examples provided in this chapter, you will have acquired sufficient knowledge to automate forensic tasks such as extracting information from a memory dump, a SQLite database, or the Windows registry, as well as analyzing network capture files.
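As an added example (not code from the chapter), the following script combines two of the tasks listed above: querying a SQLite database and using the logging module to record what is being processed. The database, its schema and its rows are constructed here to resemble a browser history table; the timestamp conversion assumes the Chrome-style format of microseconds since 1601-01-01 UTC.

```python
import logging
import sqlite3
from datetime import datetime, timedelta, timezone

# Added example: a constructed SQLite database that mimics a browser history
# table, queried with parameterized SQL and logged with the logging module.
logging.basicConfig(level=logging.INFO,
                    format="%(asctime)s %(levelname)s %(message)s")
log = logging.getLogger("sqlite_forensics")

# Constructed sample rows (hypothetical data, not taken from a real system).
SAMPLE_ROWS = [
    ("https://example.com/login", "Login", 12, 13300000000000000),
    ("https://example.org/docs", "Docs", 3, 13300000500000000),
    ("https://example.net/", "Home", 1, 13300001000000000),
]

def build_sample_db():
    """Create an in-memory database with a 'urls' table like a browser history DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT, "
                 "visit_count INTEGER, last_visit_time INTEGER)")
    conn.executemany("INSERT INTO urls (url, title, visit_count, last_visit_time) "
                     "VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn

def list_tables(conn):
    """Enumerate tables via sqlite_master, the first step when the schema is unknown."""
    rows = conn.execute("SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")
    return [r[0] for r in rows]

def chrome_time_to_utc(ts):
    """Assumed format: microseconds since 1601-01-01 UTC (Chrome/WebKit style)."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ts)

def extract_urls(conn, min_visits=1):
    """Return history rows with at least min_visits, newest first, logging each one."""
    cur = conn.execute("SELECT url, title, visit_count, last_visit_time FROM urls "
                       "WHERE visit_count >= ? ORDER BY last_visit_time DESC",
                       (min_visits,))
    records = []
    for url, title, visits, ts in cur:
        when = chrome_time_to_utc(ts)
        log.info("url=%s title=%r visits=%d last_visit=%s", url, title, visits, when)
        records.append({"url": url, "title": title, "visits": visits, "last_visit": when})
    log.info("extracted %d records (min_visits=%d)", len(records), min_visits)
    return records

if __name__ == "__main__":
    db = build_sample_db()
    log.info("tables: %s", list_tables(db))
    extract_urls(db, min_visits=2)
```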
In the next chapter, we will explore programming packages and Python modules for extracting information relating to geolocation IP addresses, extracting metadata from images and documents, and identifying web technology used by a website.