
  • Mastering Python Forensics
  • Dr. Michael Spreitzenbarth, Dr. Johann Uhrmann
  • 2021-07-09 21:11:14

What this book covers

Chapter 1, Setting Up the Lab and Introduction to Python ctypes, covers how to set up your environment to follow the examples that are provided in this book. We will take a look at the various Python modules that support our forensic analyses. With ctypes, we provide the means to go beyond Python modules and leverage the capabilities of native system libraries.

Chapter 2, Forensic Algorithms, provides you with the digital equivalent of taking fingerprints. Just as with classic fingerprints, we will show you how to compare these digital fingerprints against a huge registry of known good and bad samples. This will help you focus your analysis and provide proof of forensic soundness.

Chapter 3, Using Python for Windows and Linux Forensics, is the first step on your journey to understanding digital evidence. We will provide examples to detect signs of compromise on Windows and Linux systems. We will conclude the chapter with an example of how to use machine learning algorithms in forensic analysis.

Chapter 4, Using Python for Network Forensics, is all about capturing and analyzing network traffic. With the provided tools, you can search and analyze network traffic for signs of exfiltration or signatures of malware communication.

Chapter 5, Using Python for Virtualization Forensics, explains how modern virtualization concepts can be used by attackers and forensic analysts alike. Consequently, we will show how to find traces of malicious behavior at the hypervisor level and how to utilize the virtualization layer as a reliable source of forensic data.

Chapter 6, Using Python for Mobile Forensics, will give you insight into how to retrieve and analyze forensic data from mobile devices. The examples will include analyzing Android devices as well as Apple iOS devices.

Chapter 7, Using Python for Memory Forensics, demonstrates how to retrieve memory snapshots and analyze these RAM images forensically on Linux and Android. With the help of tools such as LiME and Volatility, we will demonstrate how to extract information from system memory.
