In the first chapter, we created our lab environment: a virtual machine running Ubuntu 14.04.2 LTS. This step is really important, as you can now create snapshots before working on real evidence and roll back to a clean machine state after finishing the investigation. This is especially helpful when working with backups of compromised systems, where you want to be sure that your analysis system is clean before working on a different case afterwards.
In the second part of this chapter, we demonstrated how to work with Python's virtual environments (virtualenv) that will be used and extended throughout the book.
In the last section of this chapter, we introduced Python's ctypes to you, which is a very powerful library available to the Python developer. With ctypes, you are not only able to call functions in dynamically linked libraries (the available Microsoft Win32 APIs or common Linux shared objects), but you can also use it for low-level memory manipulation.
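As an added illustration of those two uses (it is not code from the book), the following example calls libc's strlen() through ctypes, reads and overwrites raw memory behind ctypes objects, and parses a constructed little-endian header layout with a ctypes Structure; it assumes a Linux or macOS host where the C library can be loaded.

```python
import ctypes
import ctypes.util

# Load the C standard library. find_library() returns e.g. "libc.so.6" on
# Linux; if it returns None, CDLL(None) loads the running process, which on
# Linux already exposes the libc symbols.
libc = ctypes.CDLL(ctypes.util.find_library("c"))


def c_strlen(data: bytes) -> int:
    """Call libc's strlen() on a NUL-terminated byte string."""
    libc.strlen.argtypes = [ctypes.c_char_p]   # declare the prototype explicitly
    libc.strlen.restype = ctypes.c_size_t
    return libc.strlen(data)


def dump_memory(obj, size: int) -> bytes:
    """Read `size` raw bytes starting at the address of a ctypes object."""
    return ctypes.string_at(ctypes.addressof(obj), size)


def patch_buffer(buf, offset: int, new_bytes: bytes) -> bytes:
    """Overwrite bytes inside a mutable ctypes buffer in place via memmove()."""
    if offset < 0 or offset + len(new_bytes) > ctypes.sizeof(buf):
        raise ValueError("write would exceed the buffer bounds")
    ctypes.memmove(ctypes.addressof(buf) + offset, new_bytes, len(new_bytes))
    return buf.raw


class Header(ctypes.LittleEndianStructure):
    """Constructed example layout: 4-byte magic, uint16 version, uint32 size."""
    _pack_ = 1                              # no padding between the fields
    _fields_ = [("magic", ctypes.c_char * 4),
                ("version", ctypes.c_uint16),
                ("size", ctypes.c_uint32)]


def parse_header(raw: bytes) -> Header:
    """Map the first sizeof(Header) bytes of `raw` onto the Header structure."""
    if len(raw) < ctypes.sizeof(Header):
        raise ValueError("input shorter than the header")
    return Header.from_buffer_copy(raw)


if __name__ == "__main__":
    print(c_strlen(b"forensics"))
    print(dump_memory(ctypes.c_uint32(0xDEADBEEF), 4))
    print(patch_buffer(ctypes.create_string_buffer(b"ABCDEFGH"), 2, b"xy"))
    # constructed sample header: magic "EVDN", version 1, size 4096
    hdr = parse_header(b"EVDN" + (1).to_bytes(2, "little") + (4096).to_bytes(4, "little"))
    print(hdr.magic, hdr.version, hdr.size)
```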
After completing this chapter, you will have a basic environment created to be used for the rest of the book, and you will also understand the fundamentals of Python ctypes that will be helpful in some of the following chapters.