万本电子书0元读

万本电子书0元读

顶部广告

Mastering Python Forensics电子书

售       价:¥

22人正在读 | 0人评论 9.8

作       者:Dr. Michael Spreitzenbarth

出  版  社:Packt Publishing

出版时间:2015-10-30

字       数:140.8万

所属分类: 进口书 > 外文原版书 > 电脑/网络

温馨提示:此类商品不支持退换货,不支持下载打印

为你推荐

  • 读书简介
  • 目录
  • 累计评论(0条)
  • 读书简介
  • 目录
  • 累计评论(0条)
Master the art of digital forensics and analysis with PythonAbout This BookLearn to perform forensic analysis and investigations with the help of Python, and gain an advanced understanding of the various Python libraries and frameworksAnalyze Python *s to extract metadata and investigate forensic artifactsThe writers, Dr. Michael Spreitzenbarth and Dr. Johann Uhrmann, have used their experience to craft this hands-on guide to using Python for forensic analysis and investigations Who This Book Is For If you are a network security professional or forensics analyst who wants to gain a deeper understanding of performing forensic analysis with Python, then this book is for you. Some Python experience would be helpful.What You Will LearnExplore the forensic analysis of different platforms such as Windows, Android, and vSphereSemi-automatically reconstruct major parts of the system activity and time-lineLeverage Python ctypes for protocol decodingExamine artifacts from mobile, Skype, and browsersDiscover how to utilize Python to improve the focus of your analysisInvestigate in volatile memory with the help of volatility on the Android and Linux platforms In Detail Digital forensic analysis is the process of examining and extracting data digitally and examining it. Python has the combination of power, expressiveness, and ease of use that makes it an essential complementary tool to the traditional, off-the-shelf digital forensic tools. This book will teach you how to perform forensic analysis and investigations by exploring the capabilities of various Python libraries. The book starts by explaining the building blocks of the Python programming language, especially ctypes in-depth, along with how to automate typical tasks in file system analysis, common correlation tasks to discover anomalies, as well as templates for investigations. Next, we’ll show you cryptographic algorithms that can be used during forensic investigations to check for known files or to compare suspicious files with online services such as VirusTotal or Mobile-Sandbox. Moving on, you’ll learn how to sniff on the network, generate and analyze network flows, and perform log correlation with the help of Python *s and tools. You’ll get to know about the concepts of virtualization and how virtualization influences IT forensics, and you’ll discover how to perform forensic analysis of a jailbroken/rooted mobile device that is based on iOS or Android. Finally, the book teaches you how to analyze volatile memory and search for known malware samples based on YARA rules.Style and approach This easy-to-follow guide will demonstrate forensic analysis techniques by showing you how to solve real-word-scenarios step by step.
目录展开

Mastering Python Forensics

Table of Contents

Mastering Python Forensics

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Setting Up the Lab and Introduction to Python ctypes

Setting up the Lab

Ubuntu

Python virtual environment (virtualenv)

Introduction to Python ctypes

Working with Dynamic Link Libraries

C data types

Defining Unions and Structures

Summary

2. Forensic Algorithms

Algorithms

MD5

SHA256

SSDEEP

Supporting the chain of custody

Creating hash sums of full disk images

Creating hash sums of directory trees

Real-world scenarios

Mobile Malware

NSRLquery

Downloading and installing nsrlsvr

Writing a client for nsrlsvr in Python

Summary

3. Using Python for Windows and Linux Forensics

Analyzing the Windows Event Log

The Windows Event Log

Interesting Events

Parsing the Event Log for IOC

The python-evtx parser

The plaso and log2timeline tools

Analyzing the Windows Registry

Windows Registry Structure

Parsing the Registry for IOC

Connected USB Devices

User histories

Startup programs

System Information

Shim Cache Parser

Implementing Linux specific checks

Checking the integrity of local user credentials

Analyzing file meta information

Understanding inode

Reading basic file metadata with Python

Evaluating POSIX ACLs with Python

Reading file capabilities with Python

Clustering file information

Creating histograms

Advanced histogram techniques

Summary

4. Using Python for Network Forensics

Using Dshell during an investigation

Using Scapy during an investigation

Summary

5. Using Python for Virtualization Forensics

Considering virtualization as a new attack surface

Virtualization as an additional layer of abstraction

Creation of rogue machines

Cloning of systems

Searching for misuse of virtual resources

Detecting rogue network interfaces

Detecting direct hardware access

Using virtualization as a source of evidence

Creating forensic copies of RAM content

Using snapshots as disk images

Capturing network traffic

Summary

6. Using Python for Mobile Forensics

The investigative model for smartphones

Android

Manual Examination

Automated Examination with the help of ADEL

Idea behind the system

Implementation and system workflow

Working with ADEL

Movement profiles

Apple iOS

Getting the Keychain from a jailbroken iDevice

Manual Examination with libimobiledevice

Summary

7. Using Python for Memory Forensics

Understanding Volatility basics

Using Volatility on Android

LiME and the recovery image

Volatility for Android

Reconstructing data for Android

Call history

Keyboard cache

Using Volatility on Linux

Memory acquisition

Volatility for Linux

Reconstructing data for Linux

Analyzing processes and modules

Analyzing networking information

Malware hunting with the help of YARA

Summary

Where to go from here

Index

累计评论(0条) 0个书友正在讨论这本书 发表评论

发表评论

发表评论,分享你的想法吧!

买过这本书的人还买过

读了这本书的人还在读

回顶部