Mastering Python Forensics
Master the art of digital forensics and analysis with Python
1. Auflage
Erschienen am 13. Januar 2025
192 Seiten
978-1-78398-805-1 (ISBN)
Beschreibung
No detailed description available for "Mastering Python Forensics".
Alle Preise
Weitere Details
Weitere Ausgaben
Inhalt
- Cover
- Copyright
- Credits
- About the Authors
- About the Reviewers
- www.PacktPub.com
- Table of Contents
- Preface
- Chapter 1: Setting Up the Lab and Introduction to Python ctypes
- Setting up the Lab
- Ubuntu
- Python virtual environment (virtualenv)
- Introduction to Python ctypes
- Working with Dynamic Link Libraries
- C data types
- Defining Unions and Structures
- Summary
- Chapter 2: Forensic Algorithms
- Algorithms
- MD5
- SHA256
- SSDEEP
- Supporting the chain of custody
- Creating hash sums of full disk images
- Creating hash sums of directory trees
- Real-world scenarios
- Mobile Malware
- NSRLquery
- Downloading and installing nsrlsvr
- Writing a client for nsrlsvr in Python
- Summary
- Chapter 3: Using Python for Windows and Linux Forensics
- Analyzing the Windows Event Log
- The Windows Event Log
- Interesting Events
- Parsing the Event Log for IOC
- The python-evtx parser
- The plaso and log2timeline tools
- Analyzing the Windows Registry
- Windows Registry Structure
- Parsing the Registry for IOC
- Connected USB Devices
- User histories
- Startup programs
- System Information
- Shim Cache Parser
- Implementing Linux specific checks
- Checking the integrity of local user credentials
- Analyzing file meta information
- Understanding inode
- Reading basic file metadata with Python
- Evaluating POSIX ACLs with Python
- Reading file capabilities with Python
- Clustering file information
- Creating histograms
- Advanced histogram techniques
- Summary
- Chapter 4: Using Python for Network Forensics
- Using Dshell during an investigation
- Using Scapy during an investigation
- Summary
- Chapter 5: Using Python for Virtualization Forensics
- Considering virtualization as a new attack surface
- Virtualization as an additional layer of abstraction
- Creation of rogue machines
- Cloning of systems
- Searching for misuse of virtual resources
- Detecting rogue network interfaces
- Detecting direct hardware access
- Using virtualization as a source of evidence
- Creating forensic copies of RAM content
- Using snapshots as disk images
- Capturing network traffic
- Summary
- Chapter 6: Using Python for Mobile Forensics
- The investigative model for smartphones
- Android
- Manual Examination
- Automated Examination with the help of ADEL
- Idea behind the system
- Implementation and system workflow
- Working with ADEL
- Movement profiles
- Apple iOS
- Getting the Keychain from a jailbroken iDevice
- Manual Examination with libimobiledevice
- Summary
- Chapter 7: Using Python for Memory Forensics
- Understanding Volatility basics
- Using Volatility on Android
- LiME and the recovery image
- Volatility for Android
- Reconstructing data for Android
- Call history
- Keyboard cache
- Using Volatility on Linux
- Memory acquisition
- Volatility for Linux
- Reconstructing data for Linux
- Analyzing processes and modules
- Analyzing networking information
- Malware hunting with the help of YARA
- Summary
- Where to go from here
- Index
