About This Book
- Learn to perform forensic analysis and investigations with the help of Python, and gain an advanced understanding of the various Python libraries and frameworks
- Analyze Python scripts to extract metadata and investigate forensic artifacts
- The writers, Dr. Michael Spreitzenbarth and Dr. Johann Uhrmann, have used their experience to craft this hands-on guide to using Python for forensic analysis and investigations
Who This Book Is For
If you are a network security professional or forensics analyst who wants to gain a deeper understanding of performing forensic analysis with Python, then this book is for you. Some Python experience would be helpful.
What You Will Learn
- Explore the forensic analysis parameters of different platforms such as Windows, Android, and vSphere
- Semi-automatically reconstruct major parts of the system activity and timeline
- Leverage Python ctypes for protocol decoding
- Examine artifacts from mobile, Skype, and browsers
- Discover how to utilize Python to improve the focus of your analysis
- Investigate volatile memory with the help of volatility on the Android and Linux platforms
This book will teach you how to perform forensic analysis and investigations using various Python libraries. It starts by explaining the building blocks of the Python programming language, especially ctypes, in-depth, along with how to automate typical tasks in file system analysis, common correlation tasks to discover anomalies, and templates for investigations. Next, we'll show you cryptographic algorithms that can be used during forensic investigations.
Moving on, you'll learn how to sniff on the network, generate and analyze network flows, and perform log correlation with the help of Python scripts and tools. You'll get to know about the concepts of virtualization and how virtualization influences IT forensics, and you'll discover how to perform the forensic analysis of a jailbroken/rooted mobile device that is based on iOS or Android.
Finally, the book teaches you how to analyze volatile memory and search for known malware samples based on YARA rules.
To view this DRM protected ebook on your desktop or laptop you will need to have Adobe Digital Editions installed. It is a free software. We also strongly recommend that you sign up for an AdobeID at the Adobe website. For more details please see FAQ 1&2. To view this ebook on an iPhone, iPad or Android mobile device you will need the Adobe Digital Editions app, or BlueFire Reader or Txtr app. These are free, too. For more details see this article.
|Size: ||1.8 MB|
|Publisher: ||Packt Publishing|
|Date published: || 2015|
|ISBN: ||2370007153732 (DRM-EPUB)|
|Read Aloud: ||not allowed|