Python Digital Forensics Cookbook
Book Information

| Field | Value |
| --- | --- |
| Author | Preston Miller, Chapin Bryce |
| Publisher | Packt Publishing |
| ISBN | 9781783987474 |
| Publication date | 2017-09-26 |
| Word count | 515,000 |
| Categories | Packt Publishing, Imported books, Foreign-language originals, Computers, Networking |
Description

Over 60 recipes to help you learn digital forensics and leverage Python scripts to amplify your examinations.

About This Book
- Develop code that extracts vital information from everyday forensic acquisitions.
- Increase the quality and efficiency of your forensic analysis.
- Leverage the latest resources and capabilities available to the forensic community.

Who This Book Is For
If you are a digital forensics examiner, cyber security specialist, or analyst at heart, understand the basics of Python, and want to take it to the next level, this is the book for you. Along the way, you will be introduced to a number of libraries suitable for parsing forensic artifacts. Readers will be able to use and build upon the scripts we develop to elevate their analysis.

What You Will Learn
- Understand how Python can enhance digital forensics and investigations
- Learn to access the contents of, and process, forensic evidence containers
- Explore malware through automated static analysis
- Extract and review message contents from a variety of email formats
- Add depth and context to discovered IP addresses and domains through various Application Program Interfaces (APIs)
- Delve into mobile forensics and recover deleted messages from SQLite databases
- Index large logs into a platform to better query and visualize datasets

In Detail
Technology plays an increasingly large role in our daily lives and shows no sign of stopping. Now, more than ever, it is paramount that an investigator develops programming expertise to deal with increasingly large datasets. By leveraging the Python recipes explored throughout this book, we make the complex simple, quickly extracting relevant information from large datasets. You will explore, develop, and deploy Python code and libraries to provide meaningful results that can be immediately applied to your investigations.

Throughout the Python Digital Forensics Cookbook, recipes include topics such as working with forensic evidence containers, parsing mobile and desktop operating system artifacts, extracting embedded metadata from documents and executables, and identifying indicators of compromise. You will also learn to integrate scripts with Application Program Interfaces (APIs) such as VirusTotal and PassiveTotal, and tools such as Axiom, Cellebrite, and EnCase. By the end of the book, you will have a sound understanding of Python and how you can use it to process artifacts in your investigations.

Style and approach
Our succinct recipes take a no-frills approach to solving common challenges faced in investigations. The code in this book covers a wide range of artifacts and data sources. These examples will help improve the accuracy and efficiency of your analysis—no matter the situation.
Table of Contents
Title Page
Copyright
Python Digital Forensics Cookbook
Credits
About the Authors
About the Reviewer
www.PacktPub.com
Why subscribe?
Customer Feedback
Dedication
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
Essential Scripting and File Information Recipes
Introduction
Handling arguments like an adult
Getting started
How to do it…
How it works…
There's more…
Iterating over loose files
Getting started
How to do it…
How it works…
There's more…
Recording file attributes
Getting started
How to do it…
How it works…
There's more…
Copying files, attributes, and timestamps
Getting started
How to do it…
How it works…
There's more…
Hashing files and data streams
Getting started
How to do it…
How it works…
There's more…
Keeping track with a progress bar
Getting started
How to do it…
How it works…
There's more…
Logging results
Getting started
How to do it…
How it works…
There's more…
Multiple hands make light work
Getting started
How to do it…
How it works…
There's more…
Creating Artifact Report Recipes
Introduction
Using HTML templates
Getting started
How to do it...
How it works...
There's more...
Creating a paper trail
Getting started
How to do it...
How it works...
There's more...
Working with CSVs
Getting started
How to do it...
How it works...
There's more...
Visualizing events with Excel
Getting started
How to do it...
How it works...
Auditing your work
Getting started
How to do it...
How it works...
There's more...
A Deep Dive into Mobile Forensic Recipes
Introduction
Parsing PLIST files
Getting started
How to do it...
How it works...
There's more…
Handling SQLite databases
Getting started
How to do it...
How it works...
Identifying gaps in SQLite databases
Getting started
How to do it...
How it works...
See also
Processing iTunes backups
Getting started
How to do it...
How it works...
There's more...
Putting Wi-Fi on the map
Getting started
How to do it...
How it works...
Digging deep to recover messages
Getting started
How to do it...
How it works...
There's more…
Extracting Embedded Metadata Recipes
Introduction
Extracting audio and video metadata
Getting started
How to do it...
How it works...
There's more...
The big picture
Getting started
How to do it...
How it works...
There's more...
Mining for PDF metadata
Getting started
How to do it...
How it works...
There's more...
Reviewing executable metadata
Getting started
How to do it...
How it works...
There's more...
Reading office document metadata
Getting started
How to do it...
How it works...
Integrating our metadata extractor with EnCase
Getting started
How to do it...
How it works...
There's more...
Networking and Indicators of Compromise Recipes
Introduction
Getting a jump start with IEF
Getting started
How to do it...
How it works...
Coming into contact with IEF
Getting started
How to do it...
How it works...
Beautiful Soup
Getting started
How to do it...
How it works...
There's more...
Going hunting for viruses
Getting started
How to do it...
How it works...
Gathering intel
Getting started
How to do it...
How it works...
Totally passive
Getting started
How to do it...
How it works...
Reading Emails and Taking Names Recipes
Introduction
Parsing EML files
Getting started
How to do it...
How it works...
Viewing MSG files
Getting started
How to do it...
How it works...
There's more...
See also
Ordering Takeout
Getting started
How to do it...
How it works...
There's more...
What's in the box?!
Getting started
How to do it...
How it works...
Parsing PST and OST mailboxes
Getting started
How to do it...
How it works...
There's more...
See also
Log-Based Artifact Recipes
Introduction
About time
Getting started
How to do it...
How it works...
There's more...
Parsing IIS web logs with RegEx
Getting started
How to do it...
How it works...
There's more...
Going spelunking
Getting started
How to do it...
How it works...
There's more...
Interpreting the daily.out log
Getting started
How to do it...
How it works...
Adding daily.out parsing to Axiom
Getting started
How to do it...
How it works...
Scanning for indicators with YARA
Getting started
How to do it...
How it works...
Working with Forensic Evidence Container Recipes
Introduction
Opening acquisitions
Getting started
How to do it...
How it works...
Gathering acquisition and media information
Getting started
How to do it...
How it works...
Iterating through files
Getting started
How to do it...
How it works...
There's more...
Processing files within the container
Getting started
How to do it...
How it works...
Searching for hashes
Getting started
How to do it...
How it works...
There's more...
Exploring Windows Forensic Artifacts Recipes - Part I
Introduction
One man's trash is a forensic examiner's treasure
Getting started
How to do it...
How it works...
A sticky situation
Getting started
How to do it...
How it works...
Reading the registry
Getting started
How to do it...
How it works...
There's more...
Gathering user activity
Getting started
How to do it...
How it works...
There's more...
The missing link
Getting started
How to do it...
How it works...
There's more...
Searching high and low
Getting started
How to do it...
How it works...
There's more...
Exploring Windows Forensic Artifacts Recipes - Part II
Introduction
Parsing prefetch files
Getting started
How to do it...
How it works...
There's more...
A series of fortunate events
Getting started
How to do it...
How it works...
There's more...
Indexing internet history
Getting started
How to do it...
How it works...
There's more...
Shadow of a former self
Getting started
How to do it...
How it works...
There's more...
Dissecting the SRUM database
Getting started
How to do it...
How it works...
There's more...
Conclusion
