Learning Python for Forensics
by Preston Miller and Chapin Bryce
Updated: 2021-08-20 10:17:57
Digital forensics plays an integral role in solving complex cybercrimes and helping organizations make sense of cybersecurity incidents. This second edition of Learning Python for Forensics illustrates how Python can be used to support these digital investigations and permits the examiner to automate the parsing of forensic artifacts to spend more time examining actionable data. The second edition of Learning Python for Forensics will illustrate how to develop Python scripts using an iterative design. Further, it demonstrates how to leverage the various built-in and community-sourced forensics scripts and libraries available for Python today. This book will help strengthen your analysis skills and efficiency as you creatively solve real-world problems through instruction-based tutorials. By the end of this book, you will build a collection of Python scripts capable of investigating an array of forensic artifacts and master the skills of extracting metadata and parsing complex data structures into actionable reports. Most importantly, you will have developed a foundation upon which to build as you continue to learn Python and enhance your efficacy as an investigator.
Latest chapters
- Leave a review - let other readers know what you think
- Other Books You May Enjoy
- Summary
- Additional challenges
- Executing the framework
- Changes made to plugins
Brand: 中圖公司 (China National Publications Import & Export Corporation)
Listed: 2021-08-20 09:47:49
Publisher: Packt Publishing
The digital rights to this book are provided by 中圖公司, which has authorized 上海閱文信息技術有限公司 (Shanghai Yuewen Information Technology Co., Ltd.) to produce and distribute it.
- coverpage
- Title Page
- Copyright and Credits
- Learning Python for Forensics Second Edition
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the authors
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Now for Something Completely Different
- When to use Python
- Development life cycle
- Getting started
- The omnipresent print() function
- Standard data types
- Strings and Unicode
- Integers and floats
- Boolean and none
- Structured data types
- Lists
- Dictionaries
- Sets and tuples
- Data type conversions
- Files
- Variables
- Understanding scripting flow logic
- Conditionals
- Loops
- The for loop
- The while loop
- Functions
- Summary
- Python Fundamentals
- Advanced data types and functions
- Iterators
- datetime objects
- Libraries
- Installing third-party libraries
- Libraries in this book
- Python packages
- Classes and object-oriented programming
- Try and except
- The raise function
- Creating our first script – unix_converter.py
- User input
- Using the raw input method and the system module – user_input.py
- Understanding Argparse – argument_parser.py
- Forensic scripting best practices
- Developing our first forensic script – usb_lookup.py
- Understanding the main() function
- Interpreting the search_key() function
- Running our first forensic script
- Troubleshooting
- Challenge
- Summary
- Parsing Text Files
- Setup API
- Introducing our script
- Overview
- Our first iteration – setupapi_parser_v1.py
- Designing the main() function
- Crafting the parse_setupapi() function
- Developing the print_output() function
- Running the script
- Our second iteration – setupapi_parser_v2.py
- Improving the main() function
- Tuning the parse_setupapi() function
- Modifying the print_output() function
- Running the script
- Our final iteration – setupapi_parser.py
- Extending the main() function
- Adding to the parse_setup_api() function
- Creating the parse_device_info() function
- Forming the prep_usb_lookup() function
- Constructing the get_device_names() function
- Enhancing the print_output() function
- Running the script
- Challenge
- Summary
- Working with Serialized Data Structures
- Serialized data structures
- A simple Bitcoin web API
- Our first iteration – bitcoin_address_lookup.v1.py
- Exploring the main() function
- Understanding the get_address() function
- Working with the print_transactions() function
- The print_header() helper function
- The get_inputs() helper function
- Running the script
- Our second iteration – bitcoin_address_lookup.v2.py
- Modifying the main() function
- Improving the get_address() function
- Elaborating on the print_transactions() function
- Running the script
- Mastering our final iteration – bitcoin_address_lookup.py
- Enhancing the parse_transactions() function
- Developing the csv_writer() function
- Running the script
- Challenge
- Summary
- Databases in Python
- An overview of databases
- Using SQLite3
- Using SQL
- Designing our script
- Manually manipulating databases with Python – file_lister.py
- Building the main() function
- Initializing the database with the init_db() function
- Checking for custodians with the get_or_add_custodian() function
- Retrieving custodians with the get_custodian() function
- Understanding the ingest_directory() function
- Exploring the os.stat() method
- Developing the format_timestamp() helper function
- Configuring the write_output() function
- Designing the write_csv() function
- Composing the write_html() function
- Running the script
- Automating databases further – file_lister_peewee.py
- Peewee setup
- Jinja2 setup
- Updating the main() function
- Adjusting the init_db() function
- Modifying the get_or_add_custodian() function
- Improving the ingest_directory() function
- A closer look at the format_timestamp() function
- Converting the write_output() function
- Simplifying the write_csv() function
- Condensing the write_html() function
- Running our new and improved script
- Challenge
- Summary
- Extracting Artifacts from Binary Files
- UserAssist
- Understanding the ROT-13 substitution cipher – rot13.py
- Evaluating code with timeit
- Working with the yarp library
- Introducing the struct module
- Creating spreadsheets with the xlsxwriter module
- Adding data to a spreadsheet
- Building a table
- Creating charts with Python
- The UserAssist framework
- Developing our UserAssist logic processor – userassist_parser.py
- Evaluating the main() function
- Defining the create_dictionary() function
- Extracting data with the parse_values() function
- Processing strings with the get_name() function
- Writing Excel spreadsheets – xlsx_writer.py
- Controlling output with the excel_writer() function
- Summarizing data with the dashboard_writer() function
- Writing artifacts in the userassist_writer() function
- Defining the file_time() function
- Processing integers with the sort_by_count() function
- Processing datetime objects with the sort_by_date() function
- Writing generic spreadsheets – csv_writer.py
- Understanding the csv_writer() function
- Running the UserAssist framework
- Challenge
- Summary
- Fuzzy Hashing
- Background on hashing
- Hashing files in Python
- Hashing large files – hashing_example.py
- Creating fuzzy hashes
- Context Triggered Piecewise Hashing (CTPH)
- Implementing fuzzy_hasher.py
- Starting with the main() function
- Creating our fuzzy hashes
- Generating our rolling hash
- Preparing signature generation
- Providing the output
- Running fuzzy_hasher.py
- Using ssdeep in Python – ssdeep_python.py
- Revisiting the main() function
- Redesigning our output() function
- Running ssdeep_python.py
- Additional challenges
- References
- Summary
- The Media Age
- Creating frameworks in Python
- Introduction to EXIF metadata
- Introducing the Pillow module
- Introduction to ID3 metadata
- Introducing the Mutagen module
- Introduction to Office metadata
- Introducing the lxml module
- The Metadata_Parser framework overview
- Our main framework controller – metadata_parser.py
- Controlling our framework with the main() function
- Parsing EXIF metadata – exif_parser.py
- Understanding the exif_parser() function
- Developing the get_tags() function
- Adding the dms_to_decimal() function
- Parsing ID3 metadata – id3_parser.py
- Understanding the id3_parser() function
- Revisiting the get_tags() function
- Parsing Office metadata – office_parser.py
- Evaluating the office_parser() function
- The get_tags() function for the last time
- Moving on to our writers
- Writing spreadsheets – csv_writer.py
- Plotting GPS data with Google Earth – kml_writer.py
- Supporting our framework with processors
- Creating framework-wide utility functions – utility.py
- Framework summary
- Additional challenges
- Summary
- Uncovering Time
- About timestamps
- What's an epoch?
- Using a GUI
- Basics of TkInter objects
- Implementing the TkInter GUI
- Using frame objects
- Using classes in TkInter
- Developing the date decoder GUI – date_decoder.py
- The DateDecoder class setup and __init__() method
- Executing the run() method
- Implementing the build_input_frame() method
- Creating the build_output_frame() method
- Building the convert() method
- Defining the convert_unix_seconds() method
- Conversion using the convert_win_filetime_64() method
- Converting with the convert_chrome_time() method
- Designing the output method
- Running the script
- Additional challenges
- Summary
- Rapidly Triaging Systems
- Understanding the value of system information
- Querying OS-agnostic process information with psutil
- Using WMI
- What does the pywin32 module do?
- Rapidly triaging systems – pysysinfo.py
- Understanding the get_process_info() function
- Learning about the get_pid_details() function
- Extracting process connection properties with the read_proc_connections() function
- Obtaining more process information with the read_proc_files() function
- Extracting Windows system information with the wmi_info() function
- Writing our results with the csv_writer() function
- Executing pysysinfo.py
- Challenges
- Summary
- Parsing Outlook PST Containers
- The PST file format
- An introduction to libpff
- How to install libpff and pypff
- Exploring PSTs – pst_indexer.py
- An overview
- Developing the main() function
- Evaluating the make_path() helper function
- Iteration with the folder_traverse() function
- Identifying messages with the check_for_msgs() function
- Processing messages in the process_msg() function
- Summarizing data in the folder_report() function
- Understanding the word_stats() function
- Creating the word_report() function
- Building the sender_report() function
- Refining the heat map with the date_report() function
- Writing the html_report() function
- The HTML template
- Running the script
- Additional challenges
- Summary
- Recovering Transient Database Records
- SQLite WAL files
- WAL format and technical specifications
- The WAL header
- The WAL frame
- The WAL cell and varints
- Manipulating large objects in Python
- Regular expressions in Python
- TQDM – a simpler progress bar
- Parsing WAL files – wal_crawler.py
- Understanding the main() function
- Developing the frame_parser() function
- Processing cells with the cell_parser() function
- Writing the dict_helper() function
- The Python debugger – pdb
- Processing varints with the single_varint() function
- Processing varints with the multi_varint() function
- Converting serial types with the type_helper() function
- Writing output with the csv_writer() function
- Using regular expressions in the regular_search() function
- Executing wal_crawler.py
- Challenge
- Summary
- Coming Full Circle
- Frameworks
- Building a framework to last
- Data standardization
- Forensic frameworks
- Colorama
- FIGlet
- Exploring the framework – framework.py
- Exploring the Framework object
- Understanding the Framework __init__() constructor
- Creating the Framework run() method
- Iterating through files with the Framework _list_files() method
- Developing the Framework _run_plugins() method
- Exploring the Plugin object
- Understanding the Plugin __init__() constructor
- Working with the Plugin run() method
- Handling output with the Plugin write() method
- Exploring the Writer object
- Understanding the Writer __init__() constructor
- Understanding the Writer run() method
- Our Final CSV writer – csv_writer.py
- The writer – xlsx_writer.py
- Changes made to plugins
- Executing the framework
- Additional challenges
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think (updated 2021-08-20 10:17:57)