Python Forensics

Book Description

Python Forensics: A workbench for inventing and sharing digital forensic technology

Python Forensics provides many never-before-published proven forensic modules, libraries, and solutions that can be used right out of the box. In addition, detailed instruction and documentation provided with the code samples will allow even novice Python programmers to add their own unique twists or use the models presented to build new solutions.

Rapid development of new cybercrime investigation tools is an essential ingredient in virtually every case and environment. Whether you are performing post-mortem investigation, executing live triage, extracting evidence from mobile devices or cloud services, or you are collecting and processing evidence from a network, Python forensic implementations can fill in the gaps.

Drawing upon years of practical experience and using numerous examples and illustrative code samples, author Chet Hosmer discusses how to:

• Develop new forensic solutions independent of large vendor software release schedules
• Participate in an open-source workbench that facilitates direct involvement in the design and implementation of new methods that augment or replace existing tools
• Advance your career by creating new solutions along with the construction of cutting-edge automation solutions to solve old problems

• Provides hands-on tools, code samples, and detailed instruction and documentation that can be put to use immediately
• Discusses how to create a Python forensics workbench
• Covers effective forensic searching and indexing using Python
• Shows how to use Python to examine mobile device operating systems: iOS, Android, and Windows 8
• Presents complete coverage of how to use Python scripts for network investigation

Table of Contents

Chapter 1: Why Python Forensics?
Chapter 2: Setting up a Python Forensics Environment
Chapter 3: Our First Python Forensics App
Chapter 4: Forensic Searching and Indexing Using Python
Chapter 5: Forensic Evidence Extraction (JPEG and TIFF)
Chapter 6: Forensic Time
Chapter 7: Using Natural Language Tools in Forensics
Chapter 8: Network Forensics: Part I
Chapter 9: Network Forensics: Part II
Chapter 10: Multiprocessing for Forensics
Chapter 11: Rainbow in the Cloud
Chapter 12: Looking Ahead

中文：

书名：Python Forensics

Python Forensics：用于发明和共享数字取证技术的工作台

Python Forensics 提供了许多以前从未发布过的成熟取证模块、库和解决方案，可以开箱即用。此外，随代码样例提供的详细说明和文档将允许即使是初学者也可以添加自己独特的技巧或使用所提供的模型来构建新的解决方案。

新的网络犯罪调查工具的迅速发展几乎是每一起案件和环境中的一个重要因素。无论您是执行验尸调查、执行实时分类、从移动设备或云服务提取证据，还是从网络收集和处理证据，Python取证实现都可以填补空白。

根据多年的实践经验，并使用大量的示例和说明性代码示例，作者Chet Hosmer讨论了如何：

• 开发独立于大型供应商软件发布时间表的新取证解决方案
• 参与开源工作台，促进直接参与新方法的设计和实现，以增强或取代现有工具
• 通过创建新的解决方案以及构建解决旧问题的尖端自动化解决方案来推进您的职业生涯

• 提供可立即投入使用的动手工具、代码示例以及详细的说明和文档
• 讨论如何创建Python Forensics工作台
• 介绍如何使用Python进行有效的取证搜索和索引
• 演示如何使用Python检查移动设备操作系统：iOS、Android和Windows 8
• Presents complete coverage of how to use Python scripts for network investigation

Table of Contents

第1章：为什么选择Python Forensics？
第2章：设置Python Forensics环境
Chapter 3: Our First Python Forensics App
第4章：使用Python进行取证搜索和索引
第5章：法医证据提取(JPEG和TIFF)
Chapter 6: Forensic Time
Chapter 7: Using Natural Language Tools in Forensics
第8章：网络取证：第一部分
第9章：网络取证：第二部分
第10章：取证的多重处理
第十一章：云中彩虹
Chapter 12: Looking Ahead