
Mastering Python Forensics

Copyright © 2015 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: October 2015
Production reference: 1261015

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK

ISBN 978-1-78398-804-4

Credits

Authors: Dr. Michael Spreitzenbarth, Dr. Johann Uhrmann
Reviewers: Richard Marsden, Puneet Narula, Yves Vandermeer
Commissioning Editor: Kartikey Pandey
Acquisition Editor
Content Development Editor: Shweta Pant
Technical Editor: Pranil Pathare
Copy Editor: Vibha Shukl
Project Coordinator: Shipra Chahar
Proofreader: Safis Editing
Indexer: Mariamman Chettiyar
Production Coordinator: Arvindkumar Gupta
Cover Work: Arvindkumar Gupta

About the Authors

Dr. Michael Spreitzenbarth holds a degree of doctor of engineering in IT security from the University of Erlangen-Nuremberg and is a CISSP as well as a GMOB. He has been an IT security consultant at a worldwide operating CERT for more than three years and has worked as a freelancer in the field of mobile phone forensics, malware analysis, and IT security consultancy for more than six years. Since the last four years, he has been giving talks and lectures in the fields of forensics and mobile security at various universities and in the private sector.

I would like to thank everyone who has encouraged me while writing this book, especially my wife for her great support. I would also like to thank all the authors of the used open source tools; without your help, this book wouldn't have been possible.

Dr. Johann Uhrmann holds a degree in computer science from the University of Applied Sciences Landshut and a doctor of engineering from the University of the German Federal Armed Forces. He has more than ten years of experience in software development, which includes working for start-ups, institutional research, and corporate environment. Johann has several years of experience in incident handling and IT governance, focusing on Linux and Cloud environments.

First of all, I would like to thank my wife, Daniela, for her moral support and willingness to give up on some family time while I was writing.
I also would like to thank my coauthor and colleague, Dr. Michael Spreitzenbarth, for talking me into writing this book and handling a great deal of the organizational overhead of such a project. Furthermore, the great people working on all the open source software projects that we used and mentioned in this book deserve credit. You are the guys who keep the IT world spinning.

About the Reviewers

Richard Marsden has over twenty years of professional experience in software development. After starting in the fields of geophysics and oil exploration, he has spent the last twelve years running the Winwaed Software Technology LLC, an independent software vendor. Winwaed specializes in geospatial tools and applications, which include web applications, and operates the http://www.mapping-tools.com website for tools and add-ins for geospatial products, such as Caliper's Maptitude and Microsoft's MapPoint.

Richard was also a technical reviewer for Python Geospatial Development, and Python Geospatial Analysis Essentials, both written by Erik Westra, Packt Publishing.

Puneet Narula is currently working as PPC Data Analyst with Hostelworld.com Ltd, Dublin, Ireland, where he analyzes massive clickstream data from direct and affiliate sources and provides insight to and predictive analysis. His areas of expertise are programming in Python and R, machine learning, data analysis, and Tableau.

He started his career in banking and finance and then moved to the ever growing domain of data and analytics.

He earned MSc in computing (data analytics) from Dublin Institute of Technology, Dublin, Ireland.
He has reviewed the books: Python Data Analysis, by Ivan Idris, Packt Publishing and Python Geospatial Analysis Essentials, by Erik Westra, Packt Publishing.

Yves Vandermeer is a police officer working for the Belgian Federal Police. He has been involved in major investigations since 1997, where he contributed to recovering digital evidence. Owning a MSc in computer forensics, Yves is also a trainer on several topics such as filesystems and network forensics for several law enforcement agencies.

Chairing the European Cybercrime Training and Education Group, E.C.T.E.G., since 2013, Yves supports the creation of training materials that are focused on the understanding of the concepts applied in practical exercises.

Using his experience, he developed forensic software tools for law enforcement and contributed to several advisory groups related to IT crime and IT forensics.

www.PacktPub.com

Support files, eBooks, discount offers, and more

For support files and downloads related to your book, please visit www.packtpub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packtpub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.

At www.packtpub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why subscribe?
  • Fully searchable across every book published by Packt
  • Copy and paste, print, and bookmark content
  • On demand and accessible via a web browser

Free access for Packt account holders

If you have an account with Packt at www.packtpub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access.

Table of Contents

Preface

Chapter 1: Setting Up the Lab and Introduction to Python ctypes
  Setting up the lab
  Ubuntu
  Python virtual environment (virtualenv)
  Introduction to Python ctypes
  Working with Dynamic Link Libraries
  C data types
  Defining Unions and Structures
  Summary

Chapter 2: Forensic Algorithms
  Algorithms
  MD5
  SHA256
  SSDEEP
  Supporting the chain of custody
  Creating hash sums of full disk images
  Creating hash sums of directory trees
  Real-world scenarios
  Mobile malware
  NSRLquery
  Downloading and installing nsrlsvr
  Writing a client for nsrlsvr in Python
  Summary

Chapter 3: Using Python for Windows and Linux Forensics
  Analyzing the Windows Event Log
  The Windows Event Log
  Interesting Events
