O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Python Forensics

Book Description

Python Forensics provides many never-before-published proven forensic modules, libraries, and solutions that can be used right out of the box. In addition, detailed instruction and documentation provided with the code samples will allow even novice Python programmers to add their own unique twists or use the models presented to build new solutions.

Rapid development of new cybercrime investigation tools is an essential ingredient in virtually every case and environment. Whether you are performing post-mortem investigation, executing live triage, extracting evidence from mobile devices or cloud services, or you are collecting and processing evidence from a network, Python forensic implementations can fill in the gaps.

Drawing upon years of practical experience and using numerous examples and illustrative code samples, author Chet Hosmer discusses how to:

  • Develop new forensic solutions independent of large vendor software release schedules
  • Participate in an open-source workbench that facilitates direct involvement in the design and implementation of new methods that augment or replace existing tools
  • Advance your career by creating new solutions along with the construction of cutting-edge automation solutions to solve old problems
  • Provides hands-on tools, code samples, and detailed instruction and documentation that can be put to use immediately
  • Discusses how to create a Python forensics workbench
  • Covers effective forensic searching and indexing using Python
  • Shows how to use Python to examine mobile device operating systems: iOS, Android, and Windows 8
  • Presents complete coverage of how to use Python scripts for network investigation

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Acknowledgments
  7. Endorsements
  8. List of figures
  9. About the Author
  10. About the Technical Editor
  11. Foreword
  12. Preface
    1. Intended audience
    2. Prerequisites
    3. Reading this book
    4. Supported platforms
    5. Download software
    6. Comments, questions, and contributions
  13. Chapter 1: Why Python Forensics?
    1. Abstract
    2. Introduction
    3. Cybercrime investigation challenges
    4. How can the Python programming environment help meet these challenges?
    5. Python and the Daubert evidence standard
    6. Organization of the book
    7. Chapter review
    8. Summary questions
  14. Chapter 2: Setting up a Python Forensics Environment
    1. Abstract
    2. Introduction
    3. Setting up a python forensics environment
    4. The right environment
    5. Choosing a python version
    6. Installing python on windows
    7. Python packages and modules
    8. What is included in the standard library?
    9. Third-party packages and modules
    10. Integrated development environments
    11. Python on mobile devices
    12. A virtual machine
    13. Chapter review
    14. Summary questions
    15. Looking ahead
  15. Chapter 3: Our First Python Forensics App
    1. Abstract
    2. Introduction
    3. Naming conventions and other considerations
    4. Our first application “one-way file system hashing”
    5. Code walk-through
    6. Results presentation
    7. Chapter review
    8. Summary questions
    9. Looking ahead
  16. Chapter 4: Forensic Searching and Indexing Using Python
    1. Abstract
    2. Introduction
    3. Keyword context search
    4. Code walk-through
    5. Results presentation
    6. Indexing
    7. Coding isWordProbable
    8. p-search complete code listings
    9. Chapter review
    10. Summary questions
  17. Chapter 5: Forensic Evidence Extraction (JPEG and TIFF)
    1. Abstract
    2. Introduction
    3. Code Walk-Through
    4. Chapter review
    5. Summary questions
  18. Chapter 6: Forensic Time
    1. Abstract
    2. Introduction
    3. Adding time to the equation
    4. The time module
    5. The Network Time Protocol
    6. Obtaining and installing the NTP Library ntplib
    7. World NTP Servers
    8. NTP Client Setup Script
    9. Chapter review
    10. Summary questions
  19. Chapter 7: Using Natural Language Tools in Forensics
    1. Abstract
    2. What is Natural Language Processing?
    3. Installing the Natural Language Toolkit and associated libraries
    4. Working with a corpus
    5. Experimenting with NLTK
    6. Creating a corpus from the Internet
    7. NLTKQuery application
    8. Chapter review
    9. Summary questions
  20. Chapter 8: Network Forensics: Part I
    1. Abstract
    2. Network investigation basics
    3. Captain Ramius: re-verify our range to target… one ping only
    4. Port scanning
    5. Chapter review
    6. Summary questions
  21. Chapter 9: Network Forensics: Part II
    1. Abstract
    2. Introduction
    3. Packet sniffing
    4. Raw sockets in Python
    5. Python Silent Network Mapping Tool (PSNMT)
    6. PSNMT source code
    7. Program execution and output
    8. Chapter review
    9. Summary question/challenge
  22. Chapter 10: Multiprocessing for Forensics
    1. Abstract
    2. Introduction
    3. What is multiprocessing?
    4. Python multiprocessing support
    5. Simplest multiprocessing example
    6. Multiprocessing File Hash
    7. Multiprocessing Hash Table generation
    8. Chapter review
    9. Summary question/challenge
  23. Chapter 11: Rainbow in the Cloud
    1. Abstract
    2. Introduction
    3. Putting the cloud to work
    4. Cloud options
    5. Creating rainbows in the cloud
    6. Password Generation Calculations
    7. Chapter review
    8. Summary question/challenge
  24. Chapter 12: Looking Ahead
    1. Abstract
    2. Introduction
    3. Where do we go from here?
    4. Conclusion
  25. Index