Python Digital Forensics Cookbook

Authors
Bryce, Chapin & Miller, Preston
Publisher
Packt Publishing
Tags
programming, python
Date
2017-09-25T22:00:00+00:00
Size
10.33 MB
Lang
en
Downloaded: 788 times

Over 60 recipes to help you learn digital forensics and leverage Python scripts to amplify your examinations

About This Book
- Develop code that extracts vital information from everyday forensic acquisitions.
- Increase the quality and efficiency of your forensic analysis.
- Leverage the latest resources and capabilities available to the forensic community.

Who This Book Is For
If you are a digital forensics examiner, cyber security specialist, or analyst at heart, understand the basics of Python, and want to take it to the next level, this is the book for you. Along the way, you will be introduced to a number of libraries suitable for parsing forensic artifacts. Readers will be able to use and build upon the scripts we develop to elevate their analysis.

What You Will Learn
- Understand how Python can enhance digital forensics and investigations
- Learn to access the contents of, and process, forensic evidence containers
- Explore malware through automated static analysis
- Extract and review message contents from a variety of email formats
- Add depth and context to discovered IP addresses and domains through various Application Program Interfaces (APIs)
- Delve into mobile forensics and recover deleted messages from SQLite databases
- Index large logs into a platform to better query and visualize datasets

In Detail
Technology plays an increasingly large role in our daily lives and shows no sign of stopping. Now, more than ever, it is paramount that an investigator develops programming expertise to deal with increasingly large datasets. By leveraging the Python recipes explored throughout this book, we make the complex simple, quickly extracting relevant information from large datasets. You will explore, develop, and deploy Python code and libraries to provide meaningful results that can be immediately applied to your investigations.

Throughout the Python Digital Forensics Cookbook, recipes include topics such as working with forensic evidence containers, parsing mobile and desktop operating system artifacts, extracting embedded metadata from documents and executables, and identifying indicators of compromise. You will also learn to integrate scripts with Application Program Interfaces (APIs) such as VirusTotal and PassiveTotal, and tools such as Axiom, Cellebrite, and EnCase. By the end of the book, you will have a sound understanding of Python and how you can use it to process artifacts in your investigations.

Style and approach
Our succinct recipes take a no-frills approach to solving common challenges faced in investigations. The code in this book covers a wide range of artifacts and data sources. These examples will help improve the accuracy and efficiency of your analysis, no matter the situation.