Python Digital Forensics Cookbook
Effective Python recipes for digital investigations

Product type Paperback
Published in Sep 2017
Publisher Packt
ISBN-13 9781783987467
Length 412 pages
Edition 1st Edition
Authors (2): Chapin Bryce, Preston Miller

Table of Contents (11 chapters)

Preface
1. Essential Scripting and File Information Recipes (free chapter)
2. Creating Artifact Report Recipes
3. A Deep Dive into Mobile Forensic Recipes
4. Extracting Embedded Metadata Recipes
5. Networking and Indicators of Compromise Recipes
6. Reading Emails and Taking Names Recipes
7. Log-Based Artifact Recipes
8. Working with Forensic Evidence Container Recipes
9. Exploring Windows Forensic Artifacts Recipes - Part I
10. Exploring Windows Forensic Artifacts Recipes - Part II

What this book covers

Chapter 1, Essential Scripting and File Information Recipes, introduces you to the conventions and basic features of Python used throughout the book. By the end of the chapter, you will create a robust and useful data and metadata preservation script.

Chapter 2, Creating Artifact Report Recipes, demonstrates practical methods of creating reports with forensic artifacts. From spreadsheets to web-based dashboards, we show the flexibility and utility of various reporting formats.

Chapter 3, A Deep Dive into Mobile Forensic Recipes, covers iTunes backup processing, recovery of deleted SQLite database records, and mapping Wi-Fi access point MAC addresses from Cellebrite XML reports.

Chapter 4, Extracting Embedded Metadata Recipes, exposes common file types that contain embedded metadata and shows how to extract it. We also show you how to integrate Python scripts with the popular forensic software EnCase.

Chapter 5, Networking and Indicators of Compromise Recipes, focuses on network and web-based artifacts and how to extract more information from them. You will learn how to preserve data from websites, interact with processed IEF results, create hash sets for X-Ways, and identify malicious domains or IP addresses.

Chapter 6, Reading Emails and Taking Names Recipes, explores the many file types for both individual e-mail messages and entire mailboxes, including Google Takeout MBox, and how to use Python for extraction and analysis.

Chapter 7, Log-Based Artifact Recipes, illustrates how to process artifacts from several log formats, such as IIS, and ingest them into Python-generated reports or other industry tools, such as Splunk. You will also learn how to develop and use Python recipes to parse files and create artifacts within Axiom.

Chapter 8, Working with Forensic Evidence Container Recipes, introduces the basic forensic libraries required to interact with and process forensic evidence containers, including EWF and raw formats. You will learn how to access data from forensic containers, identify disk partition information, and iterate through filesystems.

Chapter 9, Exploring Windows Forensic Artifacts Recipes Part I, leverages the framework developed in Chapter 8, Working with Forensic Evidence Container Recipes, to process various Windows artifacts within forensic evidence containers. These artifacts include $I Recycle Bin files, various Registry artifacts, LNK files, and the Windows.edb index.

Chapter 10, Exploring Windows Forensic Artifacts Recipes Part II, continues to leverage the framework developed in Chapter 8, Working with Forensic Evidence Container Recipes, to process more Windows artifacts within forensic evidence containers. These artifacts include Prefetch files, Event logs, Index.dat, Volume Shadow Copies, and the Windows 10 SRUM database.
