Mastering Python Forensics
Table of Contents
  • Mastering Python Forensics
  • Credits
  • About the Authors
  • About the Reviewers
  • www.PacktPub.com
    • Support files, eBooks, discount offers, and more
      • Why subscribe?
      • Free access for Packt account holders
  • Preface
    • What this book covers
    • What you need for this book
    • Who this book is for
    • Conventions
    • Reader feedback
    • Customer support
      • Downloading the example code
      • Errata
      • Piracy
      • Questions
  • 1. Setting Up the Lab and Introduction to Python ctypes
    • Setting up the Lab
      • Ubuntu
      • Python virtual environment (virtualenv)
    • Introduction to Python ctypes
      • Working with Dynamic Link Libraries
      • C data types
      • Defining Unions and Structures
    • Summary
  • 2. Forensic Algorithms
    • Algorithms
      • MD5
      • SHA256
      • SSDEEP
    • Supporting the chain of custody
      • Creating hash sums of full disk images
      • Creating hash sums of directory trees
    • Real-world scenarios
      • Mobile Malware
      • NSRLquery
        • Downloading and installing nsrlsvr
        • Writing a client for nsrlsvr in Python
    • Summary
  • 3. Using Python for Windows and Linux Forensics
    • Analyzing the Windows Event Log
      • The Windows Event Log
      • Interesting Events
      • Parsing the Event Log for IOC
        • The python-evtx parser
        • The plaso and log2timeline tools
    • Analyzing the Windows Registry
      • Windows Registry Structure
      • Parsing the Registry for IOC
        • Connected USB Devices
        • User histories
        • Startup programs
        • System Information
        • Shim Cache Parser
    • Implementing Linux specific checks
      • Checking the integrity of local user credentials
      • Analyzing file meta information
        • Understanding inode
        • Reading basic file metadata with Python
        • Evaluating POSIX ACLs with Python
        • Reading file capabilities with Python
      • Clustering file information
        • Creating histograms
        • Advanced histogram techniques
    • Summary
  • 4. Using Python for Network Forensics
    • Using Dshell during an investigation
    • Using Scapy during an investigation
    • Summary
  • 5. Using Python for Virtualization Forensics
    • Considering virtualization as a new attack surface
      • Virtualization as an additional layer of abstraction
      • Creation of rogue machines
      • Cloning of systems
    • Searching for misuse of virtual resources
      • Detecting rogue network interfaces
      • Detecting direct hardware access
    • Using virtualization as a source of evidence
      • Creating forensic copies of RAM content
      • Using snapshots as disk images
      • Capturing network traffic
    • Summary
  • 6. Using Python for Mobile Forensics
    • The investigative model for smartphones
    • Android
      • Manual Examination
      • Automated Examination with the help of ADEL
        • Idea behind the system
        • Implementation and system workflow
        • Working with ADEL
      • Movement profiles
    • Apple iOS
      • Getting the Keychain from a jailbroken iDevice
      • Manual Examination with libimobiledevice
    • Summary
  • 7. Using Python for Memory Forensics
    • Understanding Volatility basics
    • Using Volatility on Android
      • LiME and the recovery image
      • Volatility for Android
      • Reconstructing data for Android
        • Call history
        • Keyboard cache
    • Using Volatility on Linux
      • Memory acquisition
      • Volatility for Linux
      • Reconstructing data for Linux
        • Analyzing processes and modules
        • Analyzing networking information
        • Malware hunting with the help of YARA
    • Summary
    • Where to go from here
  • Index

This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion