Learning Python for Forensics: Leverage the power of Python in forensic investigations, 2nd Edition
暫譯: 取證用Python學習：在取證調查中利用Python的力量（第二版）

Design, develop, and deploy innovative forensic solutions using Python

Key Features

• Discover how to develop Python scripts for effective digital forensic analysis
• Master the skills of parsing complex data structures with Python libraries
• Solve forensic challenges through the development of practical Python scripts

Book Description

Digital forensics plays an integral role in solving complex cybercrimes and helping organizations make sense of cybersecurity incidents. This second edition of Learning Python for Forensics illustrates how Python can be used to support these digital investigations and permits the examiner to automate the parsing of forensic artifacts to spend more time examining actionable data.

The second edition of Learning Python for Forensics will illustrate how to develop Python scripts using an iterative design. Further, it demonstrates how to leverage the various built-in and community-sourced forensics scripts and libraries available for Python today. This book will help strengthen your analysis skills and efficiency as you creatively solve real-world problems through instruction-based tutorials.

By the end of this book, you will build a collection of Python scripts capable of investigating an array of forensic artifacts and master the skills of extracting metadata and parsing complex data structures into actionable reports. Most importantly, you will have developed a foundation upon which to build as you continue to learn Python and enhance your efficacy as an investigator.

What you will learn

• Learn how to develop Python scripts to solve complex forensic problems
• Build scripts using an iterative design
• Design code to accommodate present and future hurdles
• Leverage built-in and community-sourced libraries
• Understand the best practices in forensic programming
• Learn how to transform raw data into customized reports and visualizations
• Create forensic frameworks to automate analysis of multiple forensic artifacts
• Conduct effective and efficient investigations through programmatic processing

Who this book is for

If you are a forensics student, hobbyist, or professional seeking to increase your understanding in forensics through the use of a programming language, then Learning Python for Forensics is for you. You are not required to have previous experience in programming to learn and master the content within this book. This material, created by forensic professionals, was written with a unique perspective and understanding for examiners who wish to learn programming.

Table of Contents

1. Now for Something Completely Different
2. Python Fundamentals
3. Parsing Text Files
4. Working with Serialized Data Structures
5. Using Databases in Python
6. Interpreting Structured Binary Data from the Windows Registry
7. Finding Similar Files with Fuzzy Hashing
8. Extracting Embedded Metadata from Multimedia and Office Files
9. Converting Timestamps with a GUI Application
10. Rapidly Triage Systems
11. Parsing Outlook PST Containers
12. Recovering Transient SQLite Database Records
13. Coming Full Circle