I’m often asked: What is the best environment for developing Python applications?
The answer, of course, is that it depends, mostly on your preferences. The great thing about Python is that whether you are most comfortable on a Mac, Windows 8 or Linux, you can enjoy the same integrated development environment.
However, with the advent of Ubuntu 12.x LTS (Long Term Support version), it certainly rises to the top for Linux. This version is guaranteed to be supported with updates and security patches until April 2017. http://www.ubuntu.com/download/desktop
In addition, Python 2.7.3 comes installed as part of the base installation. The Ubuntu Software Center is also available once installed, and searching it for Python turns up a plethora of additional resources and downloads to enhance your Python experience.
One of the first questions forensic investigators ask when writing Python programs or scripts is: how do I handle hex and binary numbers and perform simple operations on them?
Python has built-in, intuitive capabilities to handle such numbers. Remember, Python is designed to be as easy to read as English.
Opening the Python shell, we can see how easy this really is.
Python 2.7.5 (default, May 15 2013, 22:43:36) [MSC v.1500 32 bit (Intel)]
Type "help", "copyright", "credits" or "license" for more information.
# First set the variable named value equal to the decimal number 127
>>> value = 127
# Displaying the number in hex is, as you would suspect, as easy as saying
# "show me the hex representation of the variable value", using the proper syntax of course
>>> hex(value)
'0x7f'
# I like to see my hex numbers in all caps, I know, old school,
# so I add on the upper() function as shown below
>>> hex(value).upper()
'0X7F'
# Displaying the number in binary works the same way
>>> bin(value)
'0b1111111'
# What if we want to "Exclusive Or" two hex values together?
# We first set variable A equal to hex 20 and variable B equal to hex 40
>>> A = 0x20
>>> B = 0x40
# Then we use the caret operator to create the new variable C
# (this operator represents "Exclusive Or" in most languages)
>>> C = A ^ B
# Then we use the hex function once again to display the result
>>> hex(C)
'0x60'
# And of course we then would like to display the variable C in binary
>>> bin(C)
'0b1100000'
As the saying goes, “as easy as pie”.
One of the earliest uses of this idiom was in a comic story found in The Newport Mercury (a Rhode Island newspaper) back in 1887.
A Python-Forensics lecture and demonstration, along with a mini training session, was held at the 15th annual Techno Security Conference in Myrtle Beach, SC.
Over 50 attendees participated and we had a great interchange of ideas.
Thanks to all who participated.
Check out the Quick Hash Python Script and submit ideas for improvement.
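The shell session above works on single values; the following added example (not part of the original post) carries the same hex, binary and XOR operations over to a byte buffer, which is what an investigator usually has in hand. The function names and the sample buffer are constructed for illustration, and Python 3 is assumed.

```python
# Added example; function names and the sample buffer are constructed.

def to_hex(value, width=2):
    """Upper-case, zero-padded hex digits with a lower-case 0x prefix."""
    return "0x{:0{w}X}".format(value, w=width)

def to_bin(value, width=8):
    """Zero-padded binary so bit positions line up between values."""
    return "0b{:0{w}b}".format(value, w=width)

def xor_bytes(data, key):
    """XOR every byte of data with a repeating key (both bytes-like)."""
    data, key = bytearray(data), bytearray(key)
    if not key:
        raise ValueError("key must not be empty")
    return bytes(bytearray(b ^ key[i % len(key)] for i, b in enumerate(data)))

def hexdump(data, per_line=16):
    """Return offset / hex / ASCII lines, the layout hex viewers use."""
    data = bytearray(data)
    lines = []
    for off in range(0, len(data), per_line):
        chunk = data[off:off + per_line]
        hexpart = " ".join("{:02X}".format(b) for b in chunk)
        # Non-printable bytes are shown as '.' in the ASCII column
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("{:08X}  {:<{w}}  {}".format(
            off, hexpart, text, w=per_line * 3 - 1))
    return lines

if __name__ == "__main__":
    A, B = 0x20, 0x40
    # Padded output makes it easy to see which bits the XOR changed
    for name, v in (("A", A), ("B", B), ("A ^ B", A ^ B)):
        print("{:<6}{}  {}".format(name, to_hex(v), to_bin(v)))
    sample = b"Python-Forensics\x00\x7f"   # constructed sample buffer
    print("\n".join(hexdump(sample)))
    # XOR with 0x20 flips ASCII letter case; applying it twice restores the data
    flipped = xor_bytes(sample, b"\x20")
    print("\n".join(hexdump(flipped)))
    assert xor_bytes(flipped, b"\x20") == sample
```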
Welcome to Python-Forensics.org
Our mission is to bring together researchers, developers, investigators and anyone else who is passionate about investigating cyber-crime, to build Python-based forensic tools that are freely shared with the world.