Learning python for forensics learn the art of designing, developing, and deploying innovative forensic solutions through Python
Learn the art of designing, developing, and deploying innovative forensic solutions through Python About This Book This practical guide will help you solve forensic dilemmas through the development of Python scripts Analyze Python scripts to extract metadata and investigate forensic artifacts Master...
| Otros Autores: | , |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Birmingham, [England] ; Mumbai, [India] :
Packt Publishing
2016.
|
| Edición: | 1st edition |
| Colección: | Community experience distilled.
|
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630164506719 |
Tabla de Contenidos:
- Cover
- Copyright
- Credits
- About the Authors
- Acknowledgments
- About the Reviewer
- www.PacktPub.com
- Table of Contents
- Preface
- Chapter 1: Now For Something Completely Different
- When to use Python?
- Getting started
- Standard data types
- Strings and Unicode
- Integers and floats
- Booleans and None
- Structured data types
- Lists
- Dictionaries
- Sets and tuples
- Data type conversions
- Files
- Variables
- Understanding scripting flow logic
- Conditionals
- Loops
- For
- While
- Functions
- Summary
- Chapter 2: Python Fundamentals
- Advanced data types and functions
- Iterators
- Datetime objects
- Libraries
- Installing third-party libraries
- Libraries in this book
- Python packages
- Classes and object-oriented programming
- Try and except
- Raise
- Creating our first script - unix_converter.py
- User input
- Using the raw input method and the system module - user_input.py
- Understanding Argparse - argument_parser.py
- Forensic scripting best practices
- Developing our first forensic script - usb_lookup.py
- Understanding the main() function
- Exploring the getRecord() function
- Interpreting the searchKey() function
- Running our first forensic script
- Troubleshooting
- Challenge
- Summary
- Chapter 3: Parsing Text Files
- Setup API
- Introducing our script
- Overview
- Our first iteration - setupapi_parser.v1.py
- Designing the main() function
- Crafting the parseSetupapi() function
- Developing the printOutput() function
- Running the script
- Our second iteration - setupapi_parser.v2.py
- Improving the main() function
- Tuning the parseSetupapi() function
- Modifying the printOutput() function
- Running the script
- Our final iteration - setupapi_parser.py
- Extending the main() function
- Adding to the parseSetupapi() function.
- Creating the parseDeviceInfo() function
- Forming the prepUSBLookup() function
- Constructing the getDeviceNames() function
- Enhancing the printOutput() function
- Running the script
- Additional challenges
- Summary
- Chapter 4: Working with Serialized Data Structures
- Serialized data structures
- A simple Bitcoin Web API
- Our first iteration - bitcoin_address_lookup.v1.py
- Exploring the main() function
- Understanding the getAddress() function
- Working with the printTransactions() function
- The printHeader() helper function
- The getInputs() helper function
- Running the script
- Our second iteration - bitcoin_address_lookup.v2.py
- Modifying the main() function
- Improving the getAddress() function
- Elaborating on the printTransactions() function
- Running the script
- Mastering our final iteration - bitcoin_address_lookup.py
- Enhancing the parseTransactions() function
- Developing the csvWriter() function
- Running the script
- Additional challenges
- Summary
- Chapter 5: Databases in Python
- An overview of databases
- Using SQLite3
- Using the Structured Query Language
- Designing our script
- Manually manipulating databases with Python - file_lister.py
- Building the main() function
- Initializing the database with the initDB() function
- Checking for custodians with the getOrAddCustodian() function
- Retrieving custodians with the getCustodian() function
- Understanding the ingestDirectory() function
- Exploring the os.stat() method
- Developing the formatTimestamp() helper function
- Configuring the writeOutput() function
- Designing the writeCSV() function
- Composing the writeHTML() function
- Running the script
- Further automating databases - file_lister_peewee.py
- Peewee setup
- Jinja2 setup
- Updating the main() function
- Adjusting the initDB() function.
- Modifying the getOrAddCustodian() function
- Improving the ingestDirectory() function
- A closer look at the formatTimestamp() function
- Converting the writeOutput() function
- Simplifying the writeCSV() function
- Condensing the writeHTML() function
- Running our new and improved script
- Challenge
- Summary
- Chapter 6: Extracting Artifacts from Binary Files
- UserAssist
- Understanding the ROT-13 substitution cipher - rot13.py
- Evaluating code with timeit
- Working with the Registry module
- Introducing the Struct module
- Creating spreadsheets with the xlsxwriter module
- Adding data to a spreadsheet
- Building a table
- Creating charts with Python
- The UserAssist framework
- Developing our UserAssist logic processor - userassist.py
- Evaluating the main() function
- Defining the createDictionary() function
- Extracting data with the parseValues() function
- Processing strings with the getName() function
- Writing Excel spreadsheets - xlsx_writer.py
- Controlling output with the excelWriter() function
- Summarizing data with the dashboardWriter() function
- Writing artifacts in the userassistWriter() function
- Defining the fileTime() function
- Processing integers with the sortByCount() function
- Processing DateTime objects with the sortByDate() function
- Writing generic spreadsheets - csv_writer.py
- Understanding the csvWriter() function
- Running the UserAssist framework
- Additional challenges
- Summary
- Chapter 7: Fuzzy Hashing
- Background on hashing
- Hashing files in Python
- Deep dive into rolling hashes
- Implementing rolling hashes - hashing_example.py
- Limitations of rolling hashes
- Exploring fuzzy hashing - fuzzy_hasher.py
- Starting with the main function
- Working with files in the fileController() function
- Working with directories in the directoryController() function.
- Generating fuzzy hashes with the fuzzFile() function
- Exploring the compareFuzzies() function
- Creating reports with the writer() function
- Running the first iteration
- Using SSDeep in Python - ssdeep_python.py
- Revisiting the main() function
- The new fileController() function
- Repurposing the directoryController() function
- Demonstrating changes in the writer() function
- Running the second iteration
- Additional challenges
- Citations
- Summary
- Chapter 8: The Media Age
- Creating frameworks in Python
- Introduction to EXIF metadata
- Introducing the Pillow module
- Introduction to ID3 metadata
- Introducing the Mutagen module
- Introduction to Office metadata
- Introducing the lxml module
- Metadata_Parser framework overview
- Our main framework controller - metadata_parser.py
- Controlling our framework with the main() function
- Parsing EXIF metadata - exif_parser.py
- Understanding the exifParser() function
- Developing the getTags() function
- Adding the dmsToDecimal() function
- Parsing ID3 metdata - id3_parser.py
- Understanding the id3Parser() function
- Revisiting the getTags() function
- Parsing Office metadata - office_parser.py
- Evaluating the officeParser() function
- The getTags() function for the last time
- Moving on to our writers
- Writing spreadsheets - csv_writer.py
- Plotting GPS data with Google Earth - kml_writer.py
- Supporting our framework with processors
- Creating framework-wide utility functions - utility.py
- Framework summary
- Additional challenges
- Summary
- Chapter 9: Uncovering Time
- About timestamps
- What is epoch?
- Using a GUI
- Basics of Tkinter objects
- Implementation of the Tkinter GUI
- Using Frame objects
- Using classes in Tkinter
- Developing the Date Decoder GUI - date_decoder.py
- The DateDecoder class setup and __init__() method.
- Executing the run() method
- Implementing the buildInputFrame() method
- Creating the buildOutputFrame() method
- Building the convert() method
- Defining the convert_unix_seconds() method
- Conversion using the convertWindowsFiletime_64() method
- Converting with the convertChromeTimestamps() method
- Designing the output method
- Running the script
- Additional challenges
- Summary
- Chapter 10: Did Someone Say Keylogger?
- A detailed look at keyloggers
- Hardware keyloggers
- Software keyloggers
- Detecting malicious processes
- Building a keylogger for Windows
- Using the Windows API
- PyWin32
- PyHooks
- WMI
- Monitoring keyboard events
- Capturing screenshots
- Capturing the clipboard
- Monitoring processes
- Multiprocessing in Python - simple_multiprocessor.py
- Running Python without a command window
- Exploring the code
- Capturing the screen
- Capturing the clipboard
- Capturing the keyboard
- Keylogger controllers
- Capturing processes
- Understanding the main() function
- Running the script
- Citations
- Additional challenges
- Summary
- Chapter 11: Parsing Outlook PST Containers
- The Personal Storage Table File Format
- An introduction to libpff
- How to install libpff and pypff
- Exploring PSTs - pst_indexer.py
- An overview
- Developing the main() function
- Evaluating the makePath() helper function
- Iteration with the folderTraverse() function
- Identifying messages with the checkForMessages() function
- Processing messages in the processMessage() function
- Summarizing data in the folderReport() function
- Understanding the wordStats() function
- Creating the wordReport() function
- Building the senderReport() function
- Refining the heat map with the dateReport() function
- Writing the HTMLReport() function
- The HTML template
- Running the script
- Additional challenges.
- Summary.
