Technology has come a long way and, with it, the extent to which tools are made widely available has changed too. As a matter of fact, being cognizant of the tools' existence is half the battle due to the sheer volume of tools available on the internet. Some of these tools are publicly available and can be bent toward forensic purposes. In this chapter, we will learn how to interact with websites and identify malware through Python, including an automated review of potentially malicious domains, IP addresses, or files.

We start out by taking a look at how to manipulate Internet Evidence Finder (IEF) results and perform additional processing outside of the context of the application. We also explore using services such as VirusShare, PassiveTotal, and VirusTotal to create HashSets of known malware, query suspicious domain resolutions, and identify known bad domains or files, respectively. Between these scripts, you will become familiar with using Python to interact with APIs.

The scripts in this chapter focus on solving particular problems and are ordered by complexity:

• Learning to extract data from IEF results
• Processing cached Yahoo contacts data from Google Chrome
• Preserving web pages with Beautiful Soup
• Creating an X-Ways-compatible HashSet from VirusShare
• Using PassiveTotal to automate the review of sketchy domains or IP addresses
• Automating identification of known bad files, domains, or IPs with VirusTotal