Description
1 online resource (1 volume) : illustrations.
Series
Community experience distilled
Note
Includes index.
Contents
Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface
Chapter 1: Setting Up the Lab and Introduction to Python ctypes; Setting up the Lab; Ubuntu; Python virtual environment (virtualenv); Introduction to Python ctypes; Working with Dynamic Link Libraries; C data types; Defining Unions and Structures; Summary
Chapter 2: Forensic Algorithms; Algorithms; MD5; SHA256; SSDEEP; Supporting the chain of custody; Creating hash sums of full disk images; Creating hash sums of directory trees; Real-world scenarios; Mobile Malware; NSRLquery; Downloading and installing nsrlsvr; Writing a client for nsrlsvr in Python; Summary
Chapter 3: Using Python for Windows and Linux Forensics; Analyzing the Windows Event Log; The Windows Event Log; Interesting Events; Parsing the Event Log for IOC; The python-evtx parser; The plaso and log2timeline tools; Analyzing the Windows Registry; Windows Registry Structure; Parsing the Registry for IOC; Connected USB Devices; User histories; Startup programs; System Information; Shim Cache Parser; Implementing Linux specific checks; Checking the integrity of local user credentials; Analyzing file meta information; Understanding inode; Reading basic file metadata with Python; Evaluating POSIX ACLs with Python; Reading file capabilities with Python; Clustering file information; Creating histograms; Advanced histogram techniques; Summary
Chapter 4: Using Python for Network Forensics; Using Dshell during an investigation; Using Scapy during an investigation; Summary
Chapter 5: Using Python for Virtualization Forensics; Considering virtualization as a new attack surface; Virtualization as an additional layer of abstraction; Creation of rogue machines; Cloning of systems; Searching for misuse of virtual resources; Detecting rogue network interfaces; Detecting direct hardware access; Using virtualization as a source of evidence; Creating forensic copies of RAM content; Using snapshots as disk images; Capturing network traffic; Summary
Chapter 6: Using Python for Mobile Forensics; The investigative model for smartphones; Android; Manual Examination; Automated Examination with the help of ADEL; Idea behind the system; Implementation and system workflow; Working with ADEL; Movement profiles; Apple iOS; Getting the Keychain from a jailbroken iDevice; Manual Examination with libimobiledevice; Summary
Chapter 7: Using Python for Memory Forensics; Understanding Volatility basics; Using Volatility on Android; LiME and the recovery image; Volatility for Android; Reconstructing data for Android; Call history; Keyboard cache; Using Volatility on Linux; Memory acquisition; Volatility for Linux; Reconstructing data for Linux; Analyzing processes and modules; Analyzing networking information; Malware hunting with the help of YARA; Summary
Where to go from here; Index
Subject
Python (Computer program language)
Computer security
Data protection
Information protection (Computer science)
Forensic sciences -- Data processing
Added Author
Uhrmann, Johann, author.
ISBN
1783988053
1783988045
9781783988044
9781783988051 (electronic book)