Python Digital Forensics Cookbook

Over 60 recipes to help you learn digital forensics and leverage Python scripts to amplify your examinations

About This Book

• Develop code that extracts vital information from everyday forensic acquisitions.
• Increase the quality and efficiency of your forensic analysis.
• Leverage the latest resources and capabilities available to the forensic community.

Who This Book Is For

If you are a digital forensics examiner, cyber security specialist, or analyst at heart, understand the basics of Python, and want to take it to the next level, this is the book for you. Along the way, you will be introduced to a number of libraries suitable for parsing forensic artifacts. Readers will be able to use and build upon the scripts we develop to elevate their analysis.

What You Will Learn

• Understand how Python can enhance digital forensics and investigations
• Learn to access the contents of, and process, forensic evidence containers
• Explore malware through automated static analysis
• Extract and review message contents from a variety of email formats
• Add depth and context to discovered IP addresses and domains through various Application Program Interfaces (APIs)
• Delve into mobile forensics and recover deleted messages from SQLite databases
• Index large logs into a platform to better query and visualize datasets

In Detail

Technology plays an increasingly large role in our daily lives and shows no sign of stopping. Now, more than ever, it is paramount that an investigator develops programming expertise to deal with increasingly large datasets.

By leveraging the Python recipes explored throughout this book, we make the complex simple, quickly extracting relevant information from large datasets. You will explore, develop, and deploy Python code and libraries to provide meaningful results that can be immediately applied to your investigations. Throughout the Python Digital Forensics Cookbook, recipes include topics such as working with forensic evidence containers, parsing mobile and desktop operating system artifacts, extracting embedded metadata from documents and executables, and identifying indicators of compromise. You will also learn to integrate scripts with Application Program Interfaces (APIs) such as VirusTotal and PassiveTotal, and tools such as Axiom, Cellebrite, and EnCase.

By the end of the book, you will have a sound understanding of Python and how you can use it to process artifacts in your investigations.

Style and approach

Our succinct recipes take a no-frills approach to solving common challenges faced in investigations. The code in this book covers a wide range of artifacts and data sources. These examples will help improve the accuracy and efficiency of your analysis - no matter the situation.