Mastering Python Forensics: Master the art of digital forensics and analysis with Python

Master the art of digital forensics and analysis with Python. About This Book: Learn to perform forensic analysis and investigations with the help of Python, and gain an advanced understanding of the various Python libraries and frameworks; Analyze Python scripts to extract metadata and investigate for...


Bibliographic Details
Other Authors: Spreitzenbarth, Michael, author; Uhrmann, Johann, author
Format: E-book
Language: English
Published: Birmingham : Packt Publishing 2015.
Edition: 1st edition
Series: Community experience distilled.
Subjects:
View at the Universitat Ramon Llull Library: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630029006719
Table of Contents:
  • Front matter: Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface
  • Chapter 1: Setting Up the Lab and Introduction to Python ctypes: Setting up the Lab; Ubuntu; Python virtual environment (virtualenv); Introduction to Python ctypes; Working with Dynamic Link Libraries; C data types; Defining Unions and Structures; Summary
  • Chapter 2: Forensic Algorithms: Algorithms; MD5; SHA256; SSDEEP; Supporting the chain of custody; Creating hash sums of full disk images; Creating hash sums of directory trees; Real-world scenarios; Mobile Malware; NSRLquery; Downloading and installing nsrlsvr; Writing a client for nsrlsvr in Python; Summary
  • Chapter 3: Using Python for Windows and Linux Forensics: Analyzing the Windows Event Log; The Windows Event Log; Interesting Events; Parsing the Event Log for IOC; The python-evtx parser; The plaso and log2timeline tools; Analyzing the Windows Registry; Windows Registry Structure; Parsing the Registry for IOC; Connected USB Devices; User histories; Startup programs; System Information; Shim Cache Parser; Implementing Linux specific checks; Checking the integrity of local user credentials; Analyzing file meta information; Understanding inode; Reading basic file metadata with Python; Evaluating POSIX ACLs with Python; Reading file capabilities with Python; Clustering file information; Creating histograms; Advanced histogram techniques; Summary
  • Chapter 4: Using Python for Network Forensics: Using Dshell during an investigation; Using Scapy during an investigation; Summary
  • Chapter 5: Using Python for Virtualization Forensics: Considering virtualization as a new attack surface; Virtualization as an additional layer of abstraction; Creation of rogue machines; Cloning of systems; Searching for misuse of virtual resources; Detecting rogue network interfaces; Detecting direct hardware access; Using virtualization as a source of evidence; Creating forensic copies of RAM content; Using snapshots as disk images; Capturing network traffic; Summary
  • Chapter 6: Using Python for Mobile Forensics: The investigative model for smartphones; Android; Manual Examination; Automated Examination with the help of ADEL; Idea behind the system; Implementation and system workflow; Working with ADEL; Movement profiles; Apple iOS; Getting the Keychain from a jailbroken iDevice; Manual Examination with libimobiledevice; Summary
  • Chapter 7: Using Python for Memory Forensics: Understanding Volatility basics; Using Volatility on Android; LiME and the recovery image; Volatility for Android; Reconstructing data for Android; Call history; Keyboard cache; Using Volatility on Linux; Memory acquisition; Volatility for Linux; Reconstructing data for Linux; Analyzing processes and modules; Analyzing networking information; Malware hunting with the help of YARA; Summary; Where to go from here; Index