Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering Python Forensics
  • Table Of Contents Toc
Mastering Python Forensics

Mastering Python Forensics

4.4 (7)
Buy this Book
close
close
Mastering Python Forensics

Mastering Python Forensics

4.4 (7)
Buy this Book

Overview of this book

Digital forensic analysis is the process of examining and extracting data digitally and examining it. Python has the combination of power, expressiveness, and ease of use that makes it an essential complementary tool to the traditional, off-the-shelf digital forensic tools. This book will teach you how to perform forensic analysis and investigations by exploring the capabilities of various Python libraries. The book starts by explaining the building blocks of the Python programming language, especially ctypes in-depth, along with how to automate typical tasks in file system analysis, common correlation tasks to discover anomalies, as well as templates for investigations. Next, we’ll show you cryptographic algorithms that can be used during forensic investigations to check for known files or to compare suspicious files with online services such as VirusTotal or Mobile-Sandbox. Moving on, you’ll learn how to sniff on the network, generate and analyze network flows, and perform log correlation with the help of Python scripts and tools. You’ll get to know about the concepts of virtualization and how virtualization influences IT forensics, and you’ll discover how to perform forensic analysis of a jailbroken/rooted mobile device that is based on iOS or Android. Finally, the book teaches you how to analyze volatile memory and search for known malware samples based on YARA rules.
Table of Contents (9 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Setting Up the Lab and Introduction to Python ctypes
chevron up
Icon
1. Setting Up the Lab and Introduction to Python ctypes
Icon
Setting up the Lab
Icon
Introduction to Python ctypes
Icon
Summary
2
2. Forensic Algorithms
Icon
2. Forensic Algorithms
Icon
Algorithms
Icon
Supporting the chain of custody
Icon
Real-world scenarios
Icon
Summary
3
3. Using Python for Windows and Linux Forensics
Icon
3. Using Python for Windows and Linux Forensics
Icon
Analyzing the Windows Event Log
Icon
Analyzing the Windows Registry
Icon
Implementing Linux specific checks
Icon
Summary
4
4. Using Python for Network Forensics
Icon
4. Using Python for Network Forensics
Icon
Using Dshell during an investigation
Icon
Using Scapy during an investigation
Icon
Summary
5
5. Using Python for Virtualization Forensics
Icon
5. Using Python for Virtualization Forensics
Icon
Considering virtualization as a new attack surface
Icon
Searching for misuse of virtual resources
Icon
Using virtualization as a source of evidence
Icon
Summary
6
6. Using Python for Mobile Forensics
Icon
6. Using Python for Mobile Forensics
Icon
The investigative model for smartphones
Icon
Android
Icon
Apple iOS
Icon
Summary
7
7. Using Python for Memory Forensics
Icon
7. Using Python for Memory Forensics
Icon
Understanding Volatility basics
Icon
Using Volatility on Android
Icon
Using Volatility on Linux
Icon
Summary
Icon
Where to go from here
8
Index
Icon
Index

Chapter 1. Setting Up the Lab and Introduction to Python ctypes

Cyber Security and Digital Forensics are two topics of increasing importance. Digital forensics especially, is getting more and more important, not only during law enforcement investigations, but also in the field of incident response. During all of the previously mentioned investigations, it's fundamental to get to know the root cause of a security breach, malfunction of a system, or a crime. Digital forensics plays a major role in overcoming these challenges.

In this book, we will teach you how to build your own lab and perform profound digital forensic investigations, which originate from a large range of platforms and systems, with the help of Python. We will start with common Windows and Linux desktop machines, then move forward to cloud and virtualization platforms, and end up with mobile phones. We will not only show you how to examine the data at rest or in transit, but also take a deeper look at the volatile memory.

Python provides an excellent development platform to build your own investigative tools because of its decreased complexity, increased efficiency, large number of third-party libraries, and it's also easy to read and write. During the journey of reading this book, you will not only learn how to use the most common Python libraries and extensions to analyze the evidence, but also how to write your own scripts and helper tools to work faster on the cases or incidents with a huge amount of evidence that has to be analyzed.

Let's begin our journey of mastering Python forensics by setting up our lab environment, followed by a brief introduction of the Python ctypes.

If you have already worked with Python ctypes and have a working lab environment, feel free to skip the first chapter and start directly with one of the other chapters. After the first chapter, the other chapters are fairly independent of each other and can be read in any order.

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Mastering Python Forensics
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon