Book Image

Python Digital Forensics [Video]

By : Daryl Bennett
Book Image

Python Digital Forensics [Video]

By: Daryl Bennett

Overview of this book

Python is uniquely positioned as a programming language to perform cyber investigations and perform forensics analysis. Unleash the power of Python by using popular libraries and Python tools to help you create efficient and thorough forensics investigations. This course will walk you through digital forensics on network traffic, host analysis, and memory analysis. The course starts with network forensics, an important aspect of any investigation. You will learn to read, sort, and sniff raw packets and also analyze network traffic. These techniques will help you drive your host analysis. You will learn about tools you'll need to perform a complete investigation with the utmost efficiency in both Windows and GNU/Linux environments with Python. Next, you will learn more advanced topics such as viewing data in PE and ELF binaries. It's vital to analyze volatile memory during an investigation as it provides details about what is actually running on a given system. So, you will learn the best tools to obtain and analyze volatile memory images. Finally, you will learn how to use Python in order to think like an attacker. You will complete enumeration, exploitation, and data exfiltration. By the end of the course, you will be able to make the most of Python processes and tackle varied, challenging, forensics-related problems. So, grab this course and think like an attacker! The code bundle for this course is available at https://github.com/PacktPublishing/Recipes-to-Successful-Python-Digital-Forensics.
Table of Contents (5 chapters)
Chapter 4
Memory Forensics
Content Locked
Section 3
Analyzing Linux Memory
In this video, we will continue to expand our knowledge of Volatility by providing images from Linux-based systems. - Learn to import and analyze Linux memory images with custom profiles - Learn the plugins for Linux systems and how they differ from Windows plugins - Find evidence of a remote session in a collected volatile memory image