Python and Digital Forensics


An April 2010 whitepaper, by T. J. O’Connor, titled “Grow Your Own Forensic Tools: A Taxonomy of Python Libraries Helpful for Forensic Analysis” discusses the various ways a security professional could harness the power of Python.

Python is a cross-platform high-level language that provides a rich interface for forensic analysts to write scripts to examine digital evidence.

Some of its uses are:

1. Writing Crypto, Hash, and conversion functions,

2. File Metadata extraction,

3. Examining Microsoft artifacts – the Registry, Active Directory, the Windows OS, etc.,

4. Examining *nix artifacts – root, file directories, custom files,

5. Tracking email and web client usage,

6. Footprinting applications,

7. Cracking encryption and steganography,

8. Analyzing volatile (RAM) memory, and

9. Analyzing network traffic
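As an added example (this is not code from the whitepaper or from the page), the following Python script combines three of the uses listed above in one evidence-triage pass: hashing each file with several algorithms, extracting file-system metadata, and comparing a file's claimed extension with its magic bytes so that a renamed file stands out. The signature table, the expected-extension table and the sample evidence directory are all constructed for the example.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Constructed signature table: leading bytes -> human-readable type.
# Real triage tooling uses far larger tables (e.g. libmagic); this is a sample.
MAGIC_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"%PDF-": "PDF document",
    b"PK\x03\x04": "ZIP archive (also DOCX/XLSX/JAR)",
    b"\x7fELF": "ELF executable",
    b"\xff\xd8\xff": "JPEG image",
    b"MZ": "Windows PE executable",
}

# Constructed mapping: which extensions are plausible for each detected type.
EXPECTED_EXTENSIONS = {
    "PNG image": {".png"},
    "PDF document": {".pdf"},
    "ZIP archive (also DOCX/XLSX/JAR)": {".zip", ".docx", ".xlsx", ".pptx", ".jar", ".apk"},
    "ELF executable": {"", ".so", ".elf"},
    "JPEG image": {".jpg", ".jpeg"},
    "Windows PE executable": {".exe", ".dll", ".sys"},
}


def hash_file(path, algorithms=("md5", "sha1", "sha256"), chunk_size=65536):
    """Hash a file once, feeding every algorithm from the same read (no re-reads)."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def identify_type(path):
    """Classify a file by its leading bytes, ignoring the extension entirely."""
    with open(path, "rb") as f:
        header = f.read(16)
    for magic, description in MAGIC_SIGNATURES.items():
        if header.startswith(magic):
            return description
    return "unknown"


def extract_metadata(path):
    """Build one manifest record: names, sizes, timestamps (UTC), type and hashes."""
    st = os.stat(path)
    p = Path(path)
    to_utc = lambda ts: datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
    return {
        "name": p.name,
        "extension": p.suffix.lower(),
        "size_bytes": st.st_size,
        "modified_utc": to_utc(st.st_mtime),
        "accessed_utc": to_utc(st.st_atime),
        "type_by_magic": identify_type(path),
        "hashes": hash_file(path),
    }


def extension_mismatch(record):
    """True when the detected type has a known extension set that excludes the file's own."""
    expected = EXPECTED_EXTENSIONS.get(record["type_by_magic"])
    return expected is not None and record["extension"] not in expected


def build_manifest(root):
    """Walk a directory tree and return manifest records in a stable (sorted) order."""
    records = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            records.append(extract_metadata(os.path.join(dirpath, name)))
    return records


def flagged_files(manifest):
    """Names of files whose extension disagrees with their magic bytes."""
    return [r["name"] for r in manifest if extension_mismatch(r)]


def make_sample_evidence():
    """Constructed sample evidence: a temp directory with a renamed PNG among plain files."""
    d = tempfile.mkdtemp(prefix="evidence_")
    (Path(d) / "empty.bin").write_bytes(b"")
    (Path(d) / "notes.txt").write_bytes(b"hello world\n")
    # PNG header but a .txt extension: the kind of renamed file triage should flag.
    (Path(d) / "photo.txt").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    (Path(d) / "report.pdf").write_bytes(b"%PDF-1.4\n%constructed sample\n")
    return d


if __name__ == "__main__":
    manifest = build_manifest(make_sample_evidence())
    print(json.dumps(manifest, indent=2))
    print("extension mismatches:", flagged_files(manifest))
```

Hashing all algorithms from a single read matters on large images, and keeping MD5 alongside SHA-256 lets the manifest be compared with older hash sets while still recording a collision-resistant digest.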

Reference:

O'Connor, T. J. (2010). Grow Your Own Forensic Tools: A Taxonomy of Python Libraries Helpful for Forensic Analysis. SANS Reading Room. Retrieved from https://www.sans.org/reading-room/whitepapers/forensics/grow-forensic-tools-taxonomy-python-libraries-helpful-forensic-analysis-33453