Chapter 12: Python Tools for Forensics Analysis
From the point of view of forensic and security analysis, Python can help us with tasks related to extracting information from a memory dump, a SQLite database, and the Windows registry.
This chapter covers the primary tools we have in Python for extracting information from memory and SQLite databases, researching network forensics with PcapXray, getting information from the Windows registry, and using the logging module to record log messages and debug Python scripts.
The following topics will be covered in this chapter:
- Volatility framework for extracting data from memory and disk images
- Connecting and analyzing SQLite databases
- Network forensics with PcapXray
- Getting information from the Windows registry
- Logging in Python