
Mastering Python Forensics by Dr. Johann Uhrmann, Dr. Michael Spreitzenbarth


Chapter 4. Using Python for Network Forensics

In this chapter, we will focus on the parts of a forensic investigation that are specific to the network layer. We will use one of the most widely used Python packages for manipulating and analyzing network traffic (Scapy), as well as a newly released open source framework from the U.S. Army Research Laboratory (Dshell). For both toolkits, we have selected examples of interesting evidence. This chapter will teach you the following:

  • How to search for indicators of compromise (IOCs) in network traffic
  • How to extract files for further analysis
  • How to monitor accessed files through Server Message Block (SMB)
  • How to build your own port scanner

Using Dshell during an investigation

Dshell is a Python-based network ...
