Python Forensics is proud to once again sponsor the HTCIA International Conference
Oct 1-5 in Anaheim, California.
We will be exhibiting, speaking and training at this year's event. Please stop by our booth and/or attend one of our Labs or Lectures.
Leveraging PowerShell with Cool Python Scripts
Rancho Las Palmas
Monday 10:45 AM – 2:15 PM and
Tuesday 2:30 PM – 5:00 PM
This hands-on lab brings together the Python Programming Language and Microsoft’s PowerShell to address digital investigations at a whole new level. PowerShell provides digital investigators with a rich set of cmdlets and deep access to the internals of both the Windows Desktop and Enterprise. The Python development environment provides a rich scripting environment allowing for the rapid development of new tools for investigation, automation and deep analysis. Integrating the best of both technologies facilitates the creation of next generation solutions for incident response, live forensic investigation and e-Discovery. During this hands-on lab session, participants will:
– Learn the fundamentals of both PowerShell and Python.
– Use existing PowerShell and Python scripts to extract and examine evidence.
– Apply PowerShell and Python to specific Forensics and Incident Response challenges.
– Use Python to leverage existing PowerShell cmdlets to perform advanced evidence acquisition.
Speaker: Chet Hosmer
Python Passive IoT Investigations using a Raspberry Pi
Grand Ballroom A
Tuesday 9:00 AM – 10:00 AM
This lecture demonstrates the use of a Raspberry Pi coupled with a dedicated Python script to monitor, detect, respond and record evidence of aberrant behavior originating from or directed to Internet of Things (IoT) devices. The proliferation of IoT devices in business, home, industrial applications, mobile devices, transportation systems, health-care, surveillance systems and government applications has been explosive. “McKinsey estimates the total IoT market size in 2015 was up to $900M, growing to $3.7B in 2020” (McKinsey 2016). The impact on digital investigations based on the rapid proliferation of IoT is significant. The IoT devices, their networks and related cloud-based systems have the potential of holding key information related to traditional criminal activity, as well as detailed evidence associated with Internet-based attacks, including vital data regarding those responsible. During this lecture and live demonstration, attack methods and exfiltration examples will be covered in detail. In addition, a Raspberry Pi will be used to monitor, detect, react and record evidence of live attempted attacks and exfiltration exploits of the IoT devices being monitored. A detailed walk-through of the Python script used to perform the monitoring, detection, reaction and evidence capture methods will also be provided.
Speaker: Chet Hosmer