Chapter 4. Using Python for Network Forensics

In this chapter, we will focus on the parts of a forensic investigation that are specific to the network layer. We will use one of the most widely used Python packages for manipulating and analyzing network traffic (Scapy), as well as a newly released open source framework from the U.S. Army Research Laboratory (Dshell). For both toolkits, we have selected examples of interesting evidence. This chapter will teach you the following:

  • How to search for IOC in network traffic
  • How to extract files for further analysis
  • How to monitor accessed files through Server Message Block (SMB)
  • How to build your own port scanner

Using Dshell during an investigation

Dshell is a Python-based network ...
