Python and Digital Forensics

An April 2010 whitepaper, by T. J. O’Connor, titled “Grow Your Own Forensic Tools: A Taxonomy of Python Libraries Helpful for Forensic Analysis” discusses the various ways a security professional could harness the power of Python.

Python is a cross-platform high-level language that provides a rich interface for forensic analysts to write scripts to examine digital evidence.

Some of its uses are:

1. Writing Crypto, Hash, and conversion functions,

2. File Metadata extraction,

3. Examining Microsoft artifacts – the Registry, Active Directory, Windows OS etc.,

4. Examining *-nix artifacts – root, file directories, custom files,

5. Tracking email and web client usage,

6. Footprinting applications,

7. Cracking encryption and steganography,

8. Analyzing volatile (RAM) memory, and

9. Analyzing network traffic
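
As an illustration of items 1 and 2, the following added example (not taken from the whitepaper) hashes a file in chunks, records its metadata, and later checks that the file is unchanged. The function names, the small signature table and the sample file are assumptions constructed for this sketch; only the standard library is used.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Constructed signature table (leading magic bytes -> label); extend as needed.
MAGIC = {b"%PDF-": "pdf", b"\x89PNG\r\n\x1a\n": "png", b"PK\x03\x04": "zip", b"MZ": "pe"}

def _utc(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()

def examine(path, chunk=1 << 20):
    """Hash a file in chunks and collect its metadata into one record."""
    st = os.stat(path)  # stat first: our own read below may update the access time
    md5, sha256, head = hashlib.md5(), hashlib.sha256(), b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):  # never loads the whole file into RAM
            head = head or block[:16]
            md5.update(block)
            sha256.update(block)
    kind = next((label for sig, label in MAGIC.items() if head.startswith(sig)), "unknown")
    return {"path": os.path.abspath(path), "size": st.st_size, "type": kind,
            "md5": md5.hexdigest(), "sha256": sha256.hexdigest(),
            "modified_utc": _utc(st.st_mtime), "accessed_utc": _utc(st.st_atime)}

def verify(record):
    """Re-hash the file and report whether it still matches the stored record."""
    with open(record["path"], "rb") as fh:
        digest = hashlib.sha256()
        while block := fh.read(1 << 20):
            digest.update(block)
    same_size = os.path.getsize(record["path"]) == record["size"]
    return same_size and digest.hexdigest() == record["sha256"]

def demo():
    """Constructed sample: a fake PDF header written to a temporary file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample_evidence.bin")
        with open(path, "wb") as fh:
            fh.write(b"%PDF-1.4 constructed sample\n")
        record = examine(path)
        intact = verify(record)
        with open(path, "ab") as fh:  # simulate a change after acquisition
            fh.write(b"x")
        return record, intact, verify(record)

if __name__ == "__main__":
    rec, before, after = demo()
    print(rec["type"], rec["sha256"], before, after)
```

On real evidence, run this against a read-only mount or a working copy of the image rather than the original media.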


O’Connor, T. (2010). Grow Your Own Forensic Tools: A Taxonomy of
Python Libraries Helpful for Forensic Analysis. Retrieved from