Preface

Today, information technology is a part of almost everything that surrounds us. These are the systems that we wear and that support us in building and running cities, companies, our personal online shopping tours, and our friendships. These systems are attractive to use—and abuse. Consequently, all criminal fields such as theft, fraud, blackmailing, and so on expanded to the IT. Nowadays, this is a multi-billion, criminal, global shadow industry.

Can a single person spot traces of criminal or suspicious activity conducted by a multi-billion, criminal, global shadow industry? Well, sometimes you can. To analyze the modern crime, you do not need magnifying glasses and lifting fingerprints off wine bottles. Instead, we will see how to apply your Python skills to get a close look at the most promising spots on a file system and take digital fingerprints from the traces left behind by hackers.

As authors, we believe in the strength of examples over dusty theory. This is why we provide samples for forensic tooling and scripts, which are short enough to be understood by the average Python programmer, yet usable tools and building blocks for real-world IT forensics.

Are you ready to turn suspicion into hard facts?