Mastering Python Forensics

Packt Publishing Limited
  • 1. Auflage
  • |
  • erschienen am 30. Oktober 2015
  • |
  • 192 Seiten
E-Book | ePUB mit Adobe DRM | Systemvoraussetzungen
978-1-78398-805-1 (ISBN)
Master the art of digital forensics and analysis with PythonAbout This BookLearn to perform forensic analysis and investigations with the help of Python, and gain an advanced understanding of the various Python libraries and frameworksAnalyze Python scripts to extract metadata and investigate forensic artifactsThe writers, Dr. Michael Spreitzenbarth and Dr. Johann Uhrmann, have used their experience to craft this hands-on guide to using Python for forensic analysis and investigationsWho This Book Is ForIf you are a network security professional or forensics analyst who wants to gain a deeper understanding of performing forensic analysis with Python, then this book is for you. Some Python experience would be helpful.What You Will LearnExplore the forensic analysis of different platforms such as Windows, Android, and vSphereSemi-automatically reconstruct major parts of the system activity and time-lineLeverage Python ctypes for protocol decodingExamine artifacts from mobile, Skype, and browsersDiscover how to utilize Python to improve the focus of your analysisInvestigate in volatile memory with the help of volatility on the Android and Linux platformsIn DetailDigital forensic analysis is the process of examining and extracting data digitally and examining it. Python has the combination of power, expressiveness, and ease of use that makes it an essential complementary tool to the traditional, off-the-shelf digital forensic tools.This book will teach you how to perform forensic analysis and investigations by exploring the capabilities of various Python libraries.The book starts by explaining the building blocks of the Python programming language, especially ctypes in-depth, along with how to automate typical tasks in file system analysis, common correlation tasks to discover anomalies, as well as templates for investigations. Next, we'll show you cryptographic algorithms that can be used during forensic investigations to check for known files or to compare suspicious files with online services such as VirusTotal or Mobile-Sandbox.Moving on, you'll learn how to sniff on the network, generate and analyze network flows, and perform log correlation with the help of Python scripts and tools. You'll get to know about the concepts of virtualization and how virtualization influences IT forensics, and you'll discover how to perform forensic analysis of a jailbroken/rooted mobile device that is based on iOS or Android.Finally, the book teaches you how to analyze volatile memory and search for known malware samples based on YARA rules.Style and approachThis easy-to-follow guide will demonstrate forensic analysis techniques by showing you how to solve real-word-scenarios step by step.
  • Englisch
  • Birmingham
  • |
  • Großbritannien
978-1-78398-805-1 (9781783988051)
1783988053 (1783988053)
weitere Ausgaben werden ermittelt
Dr. Michael Spreitzenbarth holds a degree of doctor of engineering in IT security from the University of Erlangen-Nuremberg and is a CISSP as well as a GMOB. He has been an IT security consultant at a worldwide operating CERT for more than three years and has worked as a freelancer in the field of mobile phone forensics, malware analysis, and IT security consultancy for more than six years. Since the last four years, he has been giving talks and lectures in the fields of forensics and mobile security at various universities and in the private sector. Dr. Johann Uhrmann holds a degree in computer science from the University of Applied Sciences Landshut and a doctor of engineering from the University of the German Federal Armed Forces. He has more than ten years of experience in software development, which includes working for start-ups, institutional research, and corporate environment. Johann has several years of experience in incident handling and IT governance, focusing on Linux and Cloud environments.
  • Cover
  • Copyright
  • Credits
  • About the Authors
  • About the Reviewers
  • Table of Contents
  • Preface
  • Chapter 1: Setting Up the Lab and Introduction to Python ctypes
  • Setting up the Lab
  • Ubuntu
  • Python virtual environment (virtualenv)
  • Introduction to Python ctypes
  • Working with Dynamic Link Libraries
  • C data types
  • Defining Unions and Structures
  • Summary
  • Chapter 2: Forensic Algorithms
  • Algorithms
  • MD5
  • SHA256
  • Supporting the chain of custody
  • Creating hash sums of full disk images
  • Creating hash sums of directory trees
  • Real-world scenarios
  • Mobile Malware
  • NSRLquery
  • Downloading and installing nsrlsvr
  • Writing a client for nsrlsvr in Python
  • Summary
  • Chapter 3: Using Python for Windows and Linux Forensics
  • Analyzing the Windows Event Log
  • The Windows Event Log
  • Interesting Events
  • Parsing the Event Log for IOC
  • The python-evtx parser
  • The plaso and log2timeline tools
  • Analyzing the Windows Registry
  • Windows Registry Structure
  • Parsing the Registry for IOC
  • Connected USB Devices
  • User histories
  • Startup programs
  • System Information
  • Shim Cache Parser
  • Implementing Linux specific checks
  • Checking the integrity of local user credentials
  • Analyzing file meta information
  • Understanding inode
  • Reading basic file metadata with Python
  • Evaluating POSIX ACLs with Python
  • Reading file capabilities with Python
  • Clustering file information
  • Creating histograms
  • Advanced histogram techniques
  • Summary
  • Chapter 4: Using Python for Network Forensics
  • Using Dshell during an investigation
  • Using Scapy during an investigation
  • Summary
  • Chapter 5: Using Python for Virtualization Forensics
  • Considering virtualization as a new attack surface
  • Virtualization as an additional layer of abstraction
  • Creation of rogue machines
  • Cloning of systems
  • Searching for misuse of virtual resources
  • Detecting rogue network interfaces
  • Detecting direct hardware access
  • Using virtualization as a source of evidence
  • Creating forensic copies of RAM content
  • Using snapshots as disk images
  • Capturing network traffic
  • Summary
  • Chapter 6: Using Python for Mobile Forensics
  • The investigative model for smartphones
  • Android
  • Manual Examination
  • Automated Examination with the help of ADEL
  • Idea behind the system
  • Implementation and system workflow
  • Working with ADEL
  • Movement profiles
  • Apple iOS
  • Getting the Keychain from a jailbroken iDevice
  • Manual Examination with libimobiledevice
  • Summary
  • Chapter 7: Using Python for Memory Forensics
  • Understanding Volatility basics
  • Using Volatility on Android
  • LiME and the recovery image
  • Volatility for Android
  • Reconstructing data for Android
  • Call history
  • Keyboard cache
  • Using Volatility on Linux
  • Memory acquisition
  • Volatility for Linux
  • Reconstructing data for Linux
  • Analyzing processes and modules
  • Analyzing networking information
  • Malware hunting with the help of YARA
  • Summary
  • Where to go from here
  • Index

Dateiformat: EPUB
Kopierschutz: Adobe-DRM (Digital Rights Management)


Computer (Windows; MacOS X; Linux): Installieren Sie bereits vor dem Download die kostenlose Software Adobe Digital Editions (siehe E-Book Hilfe).

Tablet/Smartphone (Android; iOS): Installieren Sie bereits vor dem Download die kostenlose App Adobe Digital Editions (siehe E-Book Hilfe).

E-Book-Reader: Bookeen, Kobo, Pocketbook, Sony, Tolino u.v.a.m. (nicht Kindle)

Das Dateiformat EPUB ist sehr gut für Romane und Sachbücher geeignet - also für "fließenden" Text ohne komplexes Layout. Bei E-Readern oder Smartphones passt sich der Zeilen- und Seitenumbruch automatisch den kleinen Displays an. Mit Adobe-DRM wird hier ein "harter" Kopierschutz verwendet. Wenn die notwendigen Voraussetzungen nicht vorliegen, können Sie das E-Book leider nicht öffnen. Daher müssen Sie bereits vor dem Download Ihre Lese-Hardware vorbereiten.

Weitere Informationen finden Sie in unserer E-Book Hilfe.

Download (sofort verfügbar)

32,73 €
inkl. 19% MwSt.
Download / Einzel-Lizenz
ePUB mit Adobe DRM
siehe Systemvoraussetzungen
E-Book bestellen

Unsere Web-Seiten verwenden Cookies. Mit der Nutzung dieser Web-Seiten erklären Sie sich damit einverstanden. Mehr Informationen finden Sie in unserem Datenschutzhinweis. Ok