Python digital forensics cookbook: effective Python recipes for digital investigations

Over 60 recipes to help you learn digital forensics and leverage Python scripts to amplify your examinations. About This Book: Develop code that extracts vital information from everyday forensic acquisitions. Increase the quality and efficiency of your forensic analysis. Leverage the latest resources...


Bibliographic Details
Other Authors: Miller, Preston, author; Bryce, Chapin, author
Format: E-book
Language: English
Published: Birmingham, England : Packt 2017.
Edition: 1st edition
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630489506719
Table of Contents:
  • Cover
  • Copyright
  • Credits
  • About the Authors
  • About the Reviewer
  • www.PacktPub.com
  • Customer Feedback
  • Dedication
  • Table of Contents
  • Preface
  • Chapter 1: Essential Scripting and File Information Recipes
  • Introduction
  • Handling arguments like an adult
  • Getting started
  • How to do it…
  • How it works…
  • There's more…
  • Iterating over loose files
  • Getting started
  • How to do it…
  • How it works…
  • There's more…
  • Recording file attributes
  • Getting started
  • How to do it…
  • How it works…
  • There's more…
  • Copying files, attributes, and timestamps
  • Getting started
  • How to do it…
  • How it works…
  • There's more…
  • Hashing files and data streams
  • Getting started
  • How to do it…
  • How it works…
  • Keeping track with a progress bar
  • Getting started
  • How it works…
  • There's more…
  • Logging results
  • Getting started
  • How to do it…
  • How it works…
  • There's more…
  • Multiple hands make light work
  • Getting started
  • How to do it…
  • How it works…
  • There's more…
  • Chapter 2: Creating Artifact Report Recipes
  • Introduction
  • Using HTML templates
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Creating a paper trail
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Working with CSVs
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Visualizing events with Excel
  • Getting started
  • How to do it...
  • How it works...
  • Auditing your work
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Chapter 3: A Deep Dive into Mobile Forensic Recipes
  • Introduction
  • Parsing PLIST files
  • Getting started
  • How to do it...
  • How it works...
  • There's more…
  • Handling SQLite databases
  • Getting started
  • How to do it...
  • How it works...
  • Identifying gaps in SQLite databases
  • Getting started
  • How to do it...
  • How it works...
  • See also
  • Processing iTunes backups
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Putting Wi-Fi on the map
  • Getting started
  • How to do it...
  • How it works...
  • Digging deep to recover messages
  • Getting started
  • How to do it...
  • How it works...
  • There's more…
  • Chapter 4: Extracting Embedded Metadata Recipes
  • Introduction
  • Extracting audio and video metadata
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • The big picture
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Mining for PDF metadata
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Reviewing executable metadata
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Reading office document metadata
  • Getting started
  • How to do it...
  • How it works...
  • Integrating our metadata extractor with EnCase
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Chapter 5: Networking and Indicators of Compromise Recipes
  • Introduction
  • Getting a jump start with IEF
  • Getting started
  • How to do it...
  • How it works...
  • Coming into contact with IEF
  • Getting started
  • How to do it...
  • How it works...
  • Beautiful Soup
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Going hunting for viruses
  • Getting started
  • How to do it...
  • How it works...
  • Gathering intel
  • Getting started
  • How to do it...
  • How it works...
  • Totally passive
  • Getting started
  • How to do it...
  • How it works...
  • Chapter 6: Reading Emails and Taking Names Recipes
  • Introduction
  • Parsing EML files
  • Getting started
  • How to do it...
  • How it works...
  • Viewing MSG files
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • See also
  • Ordering Takeout
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • What's in the box?!
  • Getting started
  • How to do it...
  • How it works...
  • Parsing PST and OST mailboxes
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • See also
  • Chapter 7: Log-Based Artifact Recipes
  • Introduction
  • About time
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Parsing IIS web logs with RegEx
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Going spelunking
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Interpreting the daily.out log
  • Getting started
  • How to do it...
  • How it works...
  • Adding daily.out parsing to Axiom
  • Getting started
  • How to do it...
  • How it works...
  • Scanning for indicators with YARA
  • Getting started
  • How to do it...
  • How it works...
  • Chapter 8: Working with Forensic Evidence Container Recipes
  • Introduction
  • Opening acquisitions
  • Getting started
  • How to do it...
  • How it works...
  • Gathering acquisition and media information
  • Getting started
  • How to do it...
  • How it works...
  • Iterating through files
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Processing files within the container
  • Getting started
  • How to do it...
  • How it works...
  • Searching for hashes
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Chapter 9: Exploring Windows Forensic Artifacts Recipes - Part I
  • Introduction
  • One man's trash is a forensic examiner's treasure
  • Getting started
  • How to do it...
  • How it works...
  • A sticky situation
  • Getting started
  • How to do it...
  • How it works...
  • Reading the registry
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Gathering user activity
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • The missing link
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Searching high and low
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Chapter 10: Exploring Windows Forensic Artifacts Recipes - Part II
  • Introduction
  • Parsing prefetch files
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • A series of fortunate events
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Indexing internet history
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Shadow of a former self
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Dissecting the SRUM database
  • Getting started
  • How to do it...
  • How it works...
  • There's more...
  • Conclusion
  • Index.