Python Forensics

Author: Chet Hosmer
Pages: 352
Publisher: Syngress
ISBN: 0124186769

Introduction

This book was touted as a “no-nonsense resource for the rapid development of new Python-based digital forensic applications.” Given my deep love for Python and an interest in digital forensics, I had high hopes.

About the author

Chet Hosmer is a Founder and Chief Scientist of WetStone Technologies. Chet has been researching and developing technology and training surrounding digital investigation, forensics, data hiding, steganography and cyber security for over two decades.

Inside the book

The book is divided up into small, easy-to-digest chapters, each covering a couple of topics over a given theme. The first two chapters can easily be skipped as they cover the setup of the Python environment along with the basics of digital forensics.

Chapters four, five and six deal with topics such as searching and indexing, evidence carving and time – all key elements of forensics. However, as with most of the book, the topics are covered from a higher level than the reader may be comfortable with. I was left wanting a little more from the examples given – certainly a little more technical detail – so that I and anyone who tinkers with Python and forensics in their spare time could use the examples to further their own learning.

The remaining chapters left me wondering how they fit into the digital forensics theme at all. For example, the two chapters on network forensics covered creating applications to map networks via ping and packet sniffing. I was expecting something more along the lines of extracting useful information from packet captures. Scapy, as an example, has been around for a while now and while it’s not actively developed, it has proven itself very useful in pulling information from packet captures.

The chapter on multiprocessing was a good introduction to the topic and the examples on rainbow tables fit well. But again the question of relevance to digital forensics must be asked.

The final two chapters left me scratching my head completely. While I understand the need for more processing power, the example given in the chapter on “Rainbow in the cloud” lacked any real technical information.

Final thoughts

The author attempts to use the Python Standard Library for all tasks. This methodology lends itself quite nicely to applications being properly cross-platform, which was the author’s goal. Overall, the book is well laid out. The first few chapters cover some important forensic challenges. The code is easy to follow and well commented.

However, from chapter seven onwards I felt the topics weren’t keeping with the theme of digital forensics. If the book had been aimed at newcomers to both Python and forensics, this shortcoming could be overlooked. However, the author leads us to believe that this book is for developing applications to aid in digital forensics and cybercrime investigations. I felt that there were some good examples and the book read well, but it lacked the deeper technical detail I was hoping for.