Python Forensics – Latest Conference Participation





Enfuse 2017 Conference Presentation

Asset Mapping with Python, presented by Chet Hosmer

Download Session Python Source Code






PFIC 2016 Conference Python Forensics Presentation

Python Zero to Hero in 90 Minutes
Chet Hosmer, Python Forensics
The Python programming language is ideally suited for the development of specialized forensic and investigative applications. In addition, Python scripts can be integrated with existing forensic platforms to extend their capability. The language and environment can be mastered by virtually anyone with an interest.

This session is specifically targeted at those with limited or even zero knowledge of Python, scripting or programming. The session will provide a hands-on introduction to Python in which students will first use existing Python forensic scripts developed by the author and then develop their own Python forensic script from a supplied template.

All participants will receive the open source examples and templates utilized during the session.

Thank you to all who participated in the presentation. As promised, click to download a zip file containing the source code and presentation.


HTCIA 2016 Conference Presentation


Thank you for participating in the HTCIA 2016 session:

Python Multi-Core Password/Key Cracking

As promised, here is the zip file containing the presentation and associated source code.


Presentation Abstract

HTCIA 2016 Presentation, Python Multi-Core Password/Key Cracking

The ability to (with proper warrant or rights) crack passwords and the associated encrypted files has become a vital issue for DFIR and traditional forensic investigations. This presentation will demonstrate the use of multi-core processing capabilities built into the Python programming language along with specific methods to crack and recover passwords using brute force and dictionary methods.
All methods demonstrated are open source and participants of the lecture will be given access to the source code to experiment with, apply to investigations or expand upon.

1. Fundamental understanding of the Python language's multi-core processing capabilities.
2. Clear understanding of how to apply multi-core processing to the cracking of passwords and encryption.
3. Take-away Python open source code that can be immediately applied.
4. Key limitations and proper processes that need to be in place during cracking operations.
5. Understand the distinction between dictionary and brute force methods and how to apply each.

Related Book:

Python Forensics Book


Python Forensics provides many never-before-published proven forensic modules, libraries, and solutions that can be used right out of the box. In addition, detailed instruction and documentation provided with the code samples will allow even novice Python programmers to add their own unique twists or use the models presented to build new solutions.

Rapid development of new cybercrime investigation tools is an essential ingredient in virtually every case and environment. Whether you are performing post-mortem investigation, executing live triage, extracting evidence from mobile devices or cloud services, or you are collecting and processing evidence from a network, Python forensic implementations can fill in the gaps.

Drawing upon years of practical experience and using numerous examples and illustrative code samples, author Chet Hosmer discusses how to:

  • Develop new forensic solutions independent of large vendor software release schedules
  • Participate in an open-source workbench that facilitates direct involvement in the design and implementation of new methods that augment or replace existing tools
  • Advance your career by creating new solutions along with the construction of cutting-edge automation solutions to solve old problems

  • Provides hands-on tools, code samples, and detailed instruction and documentation that can be put to use immediately
  • Discusses how to create a Python forensics workbench
  • Covers effective forensic searching and indexing using Python
  • Shows how to use Python to examine mobile device operating systems: iOS, Android, and Windows 8
  • Presents complete coverage of how to use Python scripts for network investigation



Talk: What’s Lurking Inside MP3 Files That Can Hurt You? Mike Raggo and Chet Hosmer

This session will dive into the details of MP3 files, examining the potential covert and overt contents that they harbor. MP3 files, and more specifically their ID3 header, contain a data structure that holds a massive set of data to satisfy the appetite of the most ardent music enthusiast, but these same contents also pose a nightmare for those tasked with uncovering covert communications and hidden content. In addition, the talk will dive into the digital rights management capabilities of MP3/ID3 to assess whether the mechanisms provide any real protection for the authors, artists, publishers or distributors of one of the most popular sources of digital music. We’ll outline techniques and a Python tool for removing the DRM to demonstrate the ineffectiveness of some implementations of DRM, including a top 3 media subscription service of ebooks, music, and video.
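To make the ID3 data structure concrete for an examiner, here is an added example (not the pyMP3 script and not code from the presenters) that walks an ID3v2.3/2.4 tag, lists each frame, marks frame types that carry arbitrary binary payloads, and reports non-zero bytes in the tag padding. The function names and the sample tag are constructed for illustration; ID3v2.2, unsynchronisation and extended headers are not handled.

```python
import struct

# ID3v2.3/2.4 frame IDs whose payload is arbitrary binary data.
BINARY_FRAMES = {"APIC", "GEOB", "PRIV"}

def syncsafe(b):
    """Decode a 4-byte syncsafe integer (7 usable bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def parse_id3v2(data):
    """Return (major_version, frames, padding_dirty) for an ID3v2.3/2.4 tag."""
    if len(data) < 10 or data[:3] != b"ID3":
        raise ValueError("no ID3v2 tag at start of data")
    major, flags = data[3], data[5]
    if major not in (3, 4) or flags & 0xC0:
        raise ValueError("only v2.3/v2.4 without unsync/extended header handled")
    end = 10 + syncsafe(data[6:10])          # tag size excludes the 10-byte header
    if end > len(data):
        raise ValueError("declared tag size exceeds available data")
    pos, frames = 10, []
    while pos + 10 <= end and data[pos] != 0:   # a zero byte marks start of padding
        fid = data[pos:pos + 4].decode("ascii", "replace")
        raw = data[pos + 4:pos + 8]
        size = syncsafe(raw) if major == 4 else struct.unpack(">I", raw)[0]
        if pos + 10 + size > end:
            raise ValueError(f"frame {fid} overruns the tag")
        frames.append({"id": fid, "size": size, "binary": fid in BINARY_FRAMES})
        pos += 10 + size
    # Padding should be all zero bytes; anything else is worth a closer look.
    return major, frames, any(data[pos:end])

def _frame(fid, body):
    """Build one constructed v2.3 frame: ID, big-endian size, flags, body."""
    return fid + struct.pack(">I", len(body)) + b"\x00\x00" + body

def build_sample(padding):
    """Constructed ID3v2.3 tag (not from a real file) with the given padding."""
    body = (_frame(b"TIT2", b"\x00Demo Track")
            + _frame(b"PRIV", b"owner@example\x00\xde\xad\xbe\xef") + padding)
    n = len(body)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + body + b"\xff\xfb\x90\x00"

if __name__ == "__main__":
    sample = build_sample(b"\x00" * 8 + b"note" + b"\x00" * 4)
    major, frames, dirty = parse_id3v2(sample)
    for f in frames:
        print(f["id"], f["size"], "binary payload" if f["binary"] else "")
    print("non-zero bytes in padding:", dirty)
```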

Related Book:

data hiding

Enfuse 2016 Caesars Palace Las Vegas

pyMP3 Source Code – Enfuse 2016 Extracting Hidden Content from Multimedia Files with Python.

During this Enfuse 2016 presentation, Chet Hosmer demonstrated the Python script pyMP3, used to extract content from MP3 music files.

For those attending the presentation, I’m including the Python source code. Thank you for participating in a great session. I enjoyed the questions, interaction and kind words from everyone. Best of luck and happy hunting.

Python Forensics Book
