Python Digital Forensics Cookbook
Preston Miller, Chapin Bryce
- 出版商: Packt Publishing
- 出版日期: 2017-09-26
- 售價: $1,980
- 貴賓價: 9.5 折 $1,881
- 語言: 英文
- 頁數: 412
- 裝訂: Paperback
- ISBN: 1783987464
- ISBN-13: 9781783987467
-
相關分類:
Python、程式語言
海外代購書籍(需單獨結帳)
相關主題
商品描述
Key Features
- Develop code that extracts vital information from everyday forensic acquisitions.
- Increase the quality and efficiency of your forensic analysis.
- Leverage the latest resources and capabilities available to the forensic community.
Book Description
Technology plays an increasingly large role in our daily lives and shows no sign of stopping. Now, more than ever, it is paramount that an investigator develops programming expertise to deal with increasingly large datasets.
By leveraging the Python recipes explored throughout this book, we make the complex simple, quickly extracting relevant information from large datasets. You will explore, develop, and deploy Python code and libraries to provide meaningful results that can be immediately applied to your investigations. Throughout the Python Digital Forensics Cookbook, recipes include topics such as working with forensic evidence containers, parsing mobile and desktop operating system artifacts, extracting embedded metadata from documents and executables, and identifying indicators of compromise. You will also learn to integrate scripts with Application Program Interfaces (APIs) such as VirusTotal and PassiveTotal, and tools such as Axiom, Cellebrite, and EnCase.
By the end of the book, you will have a sound understanding of Python and how you can use it to process artifacts in your investigations.
What you will learn
- Understand how Python can enhance digital forensics and investigations
- Learn to access the contents of, and process, forensic evidence containers
- Explore malware through automated static analysis
- Extract and review message contents from a variety of email formats
- Add depth and context to discovered IP addresses and domains through various Application Program Interfaces (APIs)
- Delve into mobile forensics and recover deleted messages from SQLite databases
- Index large logs into a platform to better query and visualize datasets
About the Author
Preston Miller is a consultant at an internationally recognized risk management firm. He holds an undergraduate degree from Vassar College and a master’s degree in Digital Forensics from Marshall University. While at Marshall, Preston unanimously received the prestigious J. Edgar Hoover Foundation’s Scientific Scholarship. He is a published author, recently of Learning Python for Forensics, an introductory Python Forensics textbook. Preston is also a member of the GIAC advisory board and holds multiple industry-recognized certifications in his field.
Chapin Bryce works as a consultant in digital forensics, focusing on litigation support, incident response, and intellectual property investigations. After studying computer and digital forensics at Champlain College, he joined a firm leading the field of digital forensics and investigations. In his downtime, Chapin enjoys working on side projects, hiking, and skiing (if the weather permits). As a member of multiple ongoing research and development projects, he has authored several articles in professional and academic publications.
Table of Contents
- Working with System/File Info
- A Deep Dive into Mobile Forensics
- Extracting Embedded Metadata
- Exploring Networking and Indicators of Compromise
- Reading Emails and Taking Names
- Forensic Evidence
- Log Based Artifacts
- Exploring Windows Forensic Artifact
- Exploring Windows Forensic Artifact.
- Creating Artifact Report
商品描述(中文翻譯)
關鍵特點
- 開發代碼以提取日常法醫獲取中的重要信息。
- 提高法醫分析的質量和效率。
- 利用法醫社群可用的最新資源和能力。
書籍描述
科技在我們日常生活中扮演著越來越重要的角色,並且沒有停止的跡象。現在,比以往任何時候都更重要的是,調查員必須發展程式設計專業知識,以應對日益龐大的數據集。
通過利用本書中探討的 Python 配方,我們使複雜的問題變得簡單,快速從大型數據集中提取相關信息。您將探索、開發和部署 Python 代碼和庫,以提供可以立即應用於調查的有意義結果。在《Python 數位法醫食譜》中,配方包括處理法醫證據容器、解析移動和桌面操作系統工件、從文檔和可執行文件中提取嵌入的元數據,以及識別妥協指標等主題。您還將學習如何將腳本與應用程式介面(APIs)如 VirusTotal 和 PassiveTotal,以及工具如 Axiom、Cellebrite 和 EnCase 整合。
在書籍結束時,您將對 Python 有深入的理解,並了解如何使用它來處理您調查中的工件。
您將學到的內容
- 理解 Python 如何增強數位法醫和調查
- 學習訪問和處理法醫證據容器的內容
- 通過自動靜態分析探索惡意軟體
- 從各種電子郵件格式中提取和審查消息內容
- 通過各種應用程式介面(APIs)為發現的 IP 地址和域名增添深度和背景
- 深入移動法醫學,從 SQLite 數據庫中恢復已刪除的消息
- 將大型日誌索引到平台中,以更好地查詢和可視化數據集
關於作者
**Preston Miller** 是一家國際知名風險管理公司的顧問。他擁有 Vassar College 的學士學位和 Marshall University 的數位法醫碩士學位。在 Marshall 期間,Preston 獲得了享有盛譽的 J. Edgar Hoover 基金會科學獎學金。他是一位已出版的作者,最近出版了《Learning Python for Forensics》,這是一本入門的 Python 法醫學教科書。Preston 也是 GIAC 諮詢委員會的成員,並在他的領域擁有多項行業認可的證書。
**Chapin Bryce** 擔任數位法醫顧問,專注於訴訟支持、事件響應和知識產權調查。在 Champlain College 學習計算機和數位法醫學後,他加入了一家領先數位法醫和調查領域的公司。在空閒時間,Chapin 喜歡從事副項目、健行和滑雪(如果天氣允許)。作為多個持續研究和開發項目的成員,他在專業和學術出版物中撰寫了幾篇文章。
目錄
1. 處理系統/檔案信息
2. 深入移動法醫學
3. 提取嵌入的元數據
4. 探索網絡和妥協指標
5. 閱讀電子郵件和記錄名稱
6. 法醫證據
7. 基於日誌的工件
8. 探索 Windows 法醫工件
9. 探索 Windows 法醫工件
10. 創建工件報告