Course Python Forensics

In the course Python Forensics the participants learn to use the Python programming language for the investigation of data on desktop computers and mobile devices and the analysis of message traffic to support investigative research.

  • Content
  • Training
  • Modules
  • General
  • Reviews
  • Certificate
  • Course Python Forensics : Content

    Device Data Analysis

    The course targets the research and analysis of the data present on devices in file systems, browsers, log files and other data sources.

    Python Fundamentals and Libraries

    In the first place the fundamentals of the Python programming language are discussed in which data types, control flow, classes, modules, packages and comprehensions are discussed. Various Python Libraries that are important in criminal investigations are also discussed, such as the Regular Expression pattern matching library, the log library and the Date and Time library.

    File and Database Analysis

    Subsequently extensive attention is paid to the approach to the file system and the analysis of files. Special topics are the creation of Artifact Reports and the hashing of Data Streams.
    The analysis of databases such as SQLite, identifying gaps in them and data recovery are also part of the course program. Furthermore it is discussed how location data can be retrieved from Wi-Fi messages and the analysis of web server logs is treated.

    Audio and Video Analysis

    The analysis of audio and video data and the mining of PDF and Office Metadata are also part of the course schedule. The registry can also provide important information and its analysis is discussed.

    Mail Box Analysis

    Finally attention is paid to the analysis of PST and OST mail boxes, the reading and analysis of EML files and the detection and use of Key Loggers.

  • Course Python Forensics : Training

    Audience Course Python Forensics

    The course Python Forensics is designed for developers and analysts who want to learn how to use Python for criminal investigation to support the legal process.

    Prerequisites Training Python Forensics

    Knowledge and experience with Python programming is not strictly necessary to participate in this course. Experience in Python programming is beneficial to good understanding.

    Realization Training Python Forensics

    The theory in the course Python Forensics is discussed on the basis of presentation slides. Illustrative demos clarify the concepts. The theory is interchanged with exercises. Course times are from 9:30 to 16:30.

    Certificate Python Forensics

    After successful completion of the course the participants receive an official certificate Python Forensics.

    Python Forensics Course
  • Course Python Forensics : Modules

    Module 1 : Python Essentials

    Module 2 : Classes and Objects

    Module 3 : Python Libraries

    Python 2 versus Python 3
    Lines and Indentation
    Python Data Types
    Numbers and Strings
    Lists and Tuples
    Sets and Dictionaries
    Python Flow Control
    Modules and Packages
    Exception Handling
    Python Object Orientation
    Creating Classes
    Class Members
    Creating and Using Objects
    Property Syntax
    Static Methods
    Inheritance and Polymorphism
    Constructor Chaining
    Overriding Methods
    Abstract Classes
    Regular Expressions
    Log Configuration
    Unit Testing
    Dates and Times
    JSON Access
    XML Access
    Numpy Library
    Pandas Library

    Module 4 : File Analysis

    Module 5 : DB and Mobile Data

    Module 6 : Extracting Metadata

    File I/O
    Iterating over Files
    Recording File Attributes
    Copying Files
    Attributes and Timestamps
    Hashing Data Streams
    Creating Artifact Reports
    Working with CSVs
    Visualizing Events with Excel
    Parsing PLIST Files
    Database Access
    Python DB API
    Handling SQLite Databases
    Identifying Gaps in SQLite
    Logging Results
    Putting Wi-Fi on the map
    Recover Messages
    Log-Based Artifact Recipes
    Parsing IIS Web Logs
    Interpreting daily.out Log
    Audio and Video Metadata
    Mining for PDF Metadata
    Review Executable Metadata
    Office Document Metadata
    Metadata Extractor with EnCase
    Networking Analysis
    Compromise Recipes
    Jump start with IEF
    Taking Names Recipes
    Viewing MSG Files

    Module 7 : Forensic Artifacts Recipes

    Module 8 : Parsing PST Containers

    Module 9 : Key Loggers

    Forensic Evidence Recipes
    Opening Acquisitions
    Gathering Media Information
    Processing Container Files
    Searching for Hashes
    Searching High and Low
    Reading the Registry
    Gathering User Activity
    Parsing Prefetch Files
    Indexing Internet History
    Dissecting the SRUM database
    Personal Storage Table
    PST and OST Mailboxes
    libpff and pypff
    Reading Emails
    Parsing EML files
    Traversing Folders
    Summarizing Data
    Using HTML Templates
    Heat Map
    Word Statistics
    pffexport and pffinfo
    Detecting Malicious Processes
    Hardware Keyloggers
    Software Keyloggers
    Monitoring Keyboard Events
    Capturing Screenshots
    Capturing Clipboard
    Monitoring Processes
    Multi Processing
    Keylogger Controllers
    Special Keys
    Non-English Keyboards
  • Course Python Forensics : General

    Read general course information
  • Course Python Forensics : Reviews

  • Course Python Forensics : Certificate