Make Python Your “First” Language – for investigating cybercrime!

By Chet Hosmer

Many digital investigators, students, academics, examiners and researchers are frustrated by the current set of forensic tools available.  Don’t get me wrong, many of the toolkits are quite capable, but they also can be complex, expensive and come with a steep learning curve.  Furthermore, when the need arises to address new issues, handle special cases or to directly impact performance by unleashing multiple processing cores toward a specific problem, your control may be limited.  In addition, you may want to develop a deeper understanding of how digital evidence is acquired, examined and analyzed and add some of your own twists to the art of cybercrime investigation.

python logoEnter Python Forensics

The Python programming language is an environment that can be learned and applied by “anyone”.  You simply need a computer (PC, Mac, Linux, iOS, Android, Raspberry Pi or even and old Microvax laying around, and another yes – even a Windows phone) In addition, the open source nature has connected developers and researchers across the globe spurring them on to innovate modules and libraries to address many challenges including but certainly not limited to: space flight, weather prediction, financial modeling, movie production and now digital investigations.  Python is used today by prominent organizations like Google, Disney, Dropbox, Industrial Light and Magic, the National Weather Service, NASA, IBM and many others.

The language has built-in capabilities that directly relate to digital investigation.  For example the code below will perform a SHA 256 hash of a string – in three lines of code no less! This is one of the fundamental practices performed in digital investigation to protect the integrity of evidence and to perform searches for specific known files.

>>> import hashlib
>>> sha256 = hashlib.sha256()
>>> sha256.update("some data I would like hashed")
>>> print "SHA 256: "+sha256.hexdigest()

SHA 256: 994dcf28257fd644d4393e1fb56e26f3ed66e602b697b7bfaec1fc54bd475e2e

Internet protocolsOr maybe you need to capture network packets to identify possible information leaks.  Python provides Standard Libraries for a variety of network interface capabilities.  For example the built-in socket library provides the necessary building blocks for creating simple or advanced scripts that interface with the network.

>>> import socket
>>> mySocket = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
>>> recvBuffer, addr = mySocket.recvfrom(255)

Python Forensics: A workbench for inventing and sharing digital forensic technoology, my most recent book, dives into these and many other topics to provide you with a deep understanding of the fundamental concepts of applying the Python language to digital investigation challenges. The book also contains fully coded and documented python applications that can be used out of the box or extended by you.

So what are you waiting for? Start building, learning and experimenting with your new first language “Python”! And be sure to keep in touch along your journey!!


chet image for blogChet Hosmer is an author, educator and researcher.  Chet is a co-founder of WetStone Technologies, Inc., a Visiting Professor at Utica College in the Cybersecurity graduate program, and an Adjunct Professor at Champlain College where he teaches in the Digital Forensics Graduate program.  He resides with his two-legged and four-legged family near Myrtle Beach, South Carolina.  He is the author of the popular Syngress titles Data Hiding and Python Forensics, with more to come!

This entry was posted in Example, General, Source Code. Bookmark the permalink.

One Response to Make Python Your “First” Language – for investigating cybercrime!

  1. INDRA DHAON says:

    This will definitely help in getting all investigators around the lobe to work closely and build a platform which is intuitive, requires less space to run applications, easy to manipulate (thanks to being Open Source) and yet powerful!

    The way Volatility has evolved since I used it back in 2009 and now with the amount of plugins that are available for Volatility, they help in quicker analysis of evidence.

    Hope everyone works together to build a secure and peaceful virtual world 🙂

    Best wishes,

Leave a Reply to INDRA DHAON Cancel reply

Your email address will not be published. Required fields are marked *

2 × = fourteen