Integrating Python with Leading Computer Forensic Platforms takes a definitive look at how and why the integration of Python advances the field of digital forensics. In addition, the book includes practical, never-before-seen Python examples that can be put to use immediately. Noted author Chet Hosmer demonstrates how to extend four key forensic platforms using Python, including EnCase by Guidance Software, MPE+ by AccessData, the open source Autopsy/SleuthKit by Brian Carrier and WetStone Technologies, and Live Acquisition and Triage Tool US-LATT. This book is for practitioners, forensic investigators, educators, students, private investigators, or anyone advancing digital forensics for investigating cybercrime.
Additionally, the open source availability of the examples allows for sharing and growth within the industry. This book is the first to provide details on how to directly integrate Python into key forensic platforms.
Author(s): Chet Hosmer
Publisher: Syngress Publishing
Year: 2016
Language: English
Pages: 216
Front Cover
Integrating Python with Leading Computer Forensics Platforms
Copyright
Dedication
Contents
Author Biography
Preface
Acknowledgments
Chapter 1: Integrating Python With Forensics Platforms
Introduction
What Is the Python Value Proposition for Forensics?
Resources
Books
Online Resources and Tutorials
learnpython.org
python.org/about/gettingstarted/
CS for All: Introduction to Computer Science and Python Programming
Formal Courses
What Are the Possible Integration Points and Methods?
Preprocessing
Postprocessing
Direct API Integration
Secondary Information Gathering
Secondary Processing of Hard Problems
Why Open Source?
What Forensic Platforms Are Covered?
Keys to Success
Review
Additional Resources
Chapter 2: Key Python Language Elements for Forensics
Introduction
Font Usage
Quick Overview of the Python Environment
Installing Python for Windows
Setting Up a Python Integrated Development Environment
Python Forensics Source Code Template SRC-2-1.py
Script SRC-2-1.py
Executing SRC-2-1
Basic Forensic Script SRC-2-2.py
Script SRC-2-2.py
Executing SRC-2-2.py
Next Steps
Review
Challenge Problems
Additional Resources
Chapter 3: Integrating Python With MPE+
Introduction
MPE+ Basics
Launching the pythonScripter
Connecting the Dots … MPE+ with Python
Building an MPE+ Python Template
PF_MPE_PARAMETERS
PF_MPE_PARAMETERS
PF_MPE_BASIC.py
Creating a HashSearch MPE+ Python Script
Executing a Hash Search
Review
Challenge Problems
Additional Resources
Chapter 4: Integrating Python With EnCase/EnScripts
Introduction
EnCase Integration Points
EnCase File Viewer Integration
EnCase: Configuring a File Viewer
EnCase: Launching a Python File Viewer
pyBasic.py Script
pyBasic.py
EnCase: Launching Python Using an EnScript
SelectedFiles EnScript Details
pyEnscript.py Details
Review
Challenge Problems
Additional Resources
Chapter 5: Integrating Python With Leading Forensic Platforms
Introduction
US-LATT Configuration
US-LATT Acquisition Walk-Through
US-LATT Evidence Structure
Postprocessing of US-LATT Acquisition
memScanner.py
memScanner.py
pyDiscover.py
Full Execution of memScanner.py
Review
Challenge Problems
Additional Resources
Chapter 6: Integrating Python With Leading Forensic Platforms
Introduction
Integrating Python With Autopsy
The Report Module
What Does ProperNames.py Do?
properNames.py
Executing the Proper Names Script
Review
Challenge Problems
Additional Resources
Chapter 7: Future Look and an Integration Challenge Problem
The Future
Challenge Problem pyMP3.py
What Makes MP3 Attractive for Data Hiding?
pyMP3.py Python Script
Executing pyMP3.py
Review
Additional Resources
Index
Back Cover