An April 2010 whitepaper by T. J. O’Connor, titled “Grow Your Own Forensic Tools: A Taxonomy of Python Libraries Helpful for Forensic Analysis”, discusses the various ways a security professional could harness the power of Python.
Python is a cross-platform high-level language that provides a rich interface for forensic analysts to write scripts to examine digital evidence.
Some of its uses are:
1. Writing Crypto, Hash, and conversion functions,
2. File Metadata extraction,
3. Examining Microsoft artifacts – the Registry, Active Directory, Windows OS, etc.,
4. Examining *-nix artifacts – root, file directories, custom files,
5. Tracking email and web client usage,
6. Footprinting applications,
7. Cracking encryption and steganography,
8. Analyzing volatile (RAM) memory, and
9. Analyzing network traffic
Reference:
O’Connor, T. (2010). Grow Your Own Forensic Tools: A Taxonomy of Python Libraries Helpful for Forensic Analysis. Retrieved from https://www.sans.org/reading-room/whitepapers/forensics/grow-forensic-tools-taxonomy-python-libraries-helpful-forensic-analysis-33453