Mastering Python Forensics

Overview of this book

Digital forensic analysis is the process of extracting and examining data from digital sources. Python has the combination of power, expressiveness, and ease of use that makes it an essential complementary tool to the traditional, off-the-shelf digital forensic tools. This book will teach you how to perform forensic analysis and investigations by exploring the capabilities of various Python libraries. The book starts by explaining the building blocks of the Python programming language, especially ctypes in depth, along with how to automate typical tasks in file system analysis, common correlation tasks to discover anomalies, as well as templates for investigations. Next, we'll show you cryptographic algorithms that can be used during forensic investigations to check for known files or to compare suspicious files with online services such as VirusTotal or Mobile-Sandbox. Moving on, you'll learn how to sniff on the network, generate and analyze network flows, and perform log correlation with the help of Python scripts and tools. You'll get to know the concepts of virtualization and how virtualization influences IT forensics, and you'll discover how to perform forensic analysis of a jailbroken/rooted mobile device that is based on iOS or Android. Finally, the book teaches you how to analyze volatile memory and search for known malware samples based on YARA rules.
Table of Contents (14 chapters)

About the Reviewers

Richard Marsden has over twenty years of professional experience in software development. After starting in the fields of geophysics and oil exploration, he has spent the last twelve years running Winwaed Software Technology LLC, an independent software vendor. Winwaed specializes in geospatial tools and applications, which include web applications, and operates the http://www.mapping-tools.com website for tools and add-ins for geospatial products, such as Caliper's Maptitude and Microsoft's MapPoint.

Richard was also a technical reviewer for Python Geospatial Development and Python Geospatial Analysis Essentials, both written by Erik Westra and published by Packt Publishing.

Puneet Narula is currently working as a PPC Data Analyst with Hostelworld.com Ltd (http://www.hostelworld.com/), Dublin, Ireland, where he analyzes massive clickstream data from direct and affiliate sources and provides insight to the digital marketing team. He uses RapidMiner, R, and Python for exploratory and predictive analysis. His areas of expertise are programming in Python and R, machine learning, data analysis, and Tableau.

He started his career in banking and finance and then moved to the ever-growing domain of data and analytics.

He earned an MSc in computing (data analytics) from Dublin Institute of Technology, Dublin, Ireland. He has reviewed the books Python Data Analysis, by Ivan Idris, Packt Publishing, and Python Geospatial Analysis Essentials, by Erik Westra, Packt Publishing.

Yves Vandermeer is a police officer working for the Belgian Federal Police. He has been involved in major investigations since 1997, where he contributed to recovering digital evidence. Holding an MSc in computer forensics, Yves is also a trainer on several topics, such as filesystems and network forensics, for several law enforcement agencies.

Chairing the European Cybercrime Training and Education Group (E.C.T.E.G.) since 2013, Yves supports the creation of training materials that focus on understanding the concepts applied in practical exercises.

Using his experience, he developed forensic software tools for law enforcement and contributed to several advisory groups related to IT crime and IT forensics.