Packt+ | Advance your knowledge in tech

0

All Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Python Digital Forensics Cookbook

You're reading from Python Digital Forensics Cookbook Effective Python recipes for digital investigations

Product type Paperback

Published in Sep 2017

Publisher Packt

ISBN-13 9781783987467

Length 412 pages

Edition 1st Edition

Languages

Python

Tools

SQLite

Concepts

Forensics

Authors (2):

Chapin Bryce

Miller

View More author details

Table of Contents (18) Chapters

Title Page

Credits

About the Authors

About the Reviewer

www.PacktPub.com

Customer Feedback

Dedication

Preface

1. Essential Scripting and File Information Recipes

2. Creating Artifact Report Recipes FREE CHAPTER

3. A Deep Dive into Mobile Forensic Recipes

4. Extracting Embedded Metadata Recipes

5. Networking and Indicators of Compromise Recipes

6. Reading Emails and Taking Names Recipes

7. Log-Based Artifact Recipes

8. Working with Forensic Evidence Container Recipes

9. Exploring Windows Forensic Artifacts Recipes - Part I

10. Exploring Windows Forensic Artifacts Recipes - Part II

Parsing prefetch files

Recipe difficulty: Medium

Python version: 2.7

Operating system: Linux

Prefetch files are a common artifact to rely on for information about application execution. While they may not always be present, they are undoubtedly worth reviewing in scenarios where they exist. Recall that prefetching can be enabled to various degrees or disabled based upon the value of the PrefetchParameters subkey in the SYSTEM hive. This recipe searches for files with the prefetch extension (.pf) and processes them for valuable application information. We will only demonstrate this process for Windows XP prefetch files; however, be aware that the underlying process we use is similar to other iterations of Windows.

Getting started

Because we have decided to build out the Sleuth Kit and its dependencies on an Ubuntu environment, we continue development on that operating system for ease of use. This script will require the installation, if they are not already present, of three additional libraries...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €14.99/month. Cancel anytime

Authors (2)

Chapin Bryce

Chapin Bryce

Chapin Bryce is a senior consultant at a global firm that is a leader in digital forensics and incident response investigations. After graduating from Champlain College, with a bachelor's degree in computer and digital forensics, Chapin dove into the field of digital forensics and incident response joining the GIAC advisory board and earning four GIAC certifications: GCIH, GCFE, GCFA, and GNFA. As a member of multiple ongoing research and development projects, he has authored several books and articles in professional and academic publications, including Python Digital Forensics Cookbook (2018 Digital Forensics Book of the Year, Forensic 4Cast), Learning Python for Forensics First Edition, and Digital Forensic Magazine.

See other products by Chapin Bryce

Miller

Miller

Preston Miller is a consultant at an internationally recognized risk management firm. Preston holds an undergraduate degree from Vassar College and a master's degree in digital forensics from Marshall University. While at Marshall, Preston unanimously received the prestigious J. Edgar Hoover Foundation's scientific scholarship. Preston is a published author, recently of Python Digital Forensics Cookbook, which won the Forensic 4:cast Digital Forensics Book of the Year award in 2018. Preston is a member of the GIAC advisory board and holds multiple industry-recognized certifications in his field.

See other products by Miller

Other recommended products

Related to this chapter

Learning Python for Forensics

Learning Python for Forensics

Learning Python for Forensics, Second Edition begins by introducing you to the fundamentals of Python. You will learn how to develop Python scripts through an iterative design. This book will also help you strengthen your analysis skills and efficiency as you creatively solve real-world problems through instruction-based tutorials.

Jan 2019 15h 52m

Windows Forensics Cookbook

Windows Forensics Cookbook

Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. Whether talking about digital forensics conducted by law enforcement or a corporate security department, the simple fact is that forensics is difficult and there are always challenges to be faced.

Learn Computer Forensics

Learn Computer Forensics

Computer forensics touches on a lot of skills - from answering legal or investigative questions to preparing for an investigation, evidence acquisition, and more. The goal of this book is to acquaint you with some of the forensic tools and techniques to successfully investigate cybercrimes, and become a proficient computer forensics investigator.

Apr 2020 12h 16m

Personalised recommendations for you

Based on your interests and search pattern

Cloud Security Handbook

Cloud Security Handbook

This book provides complete coverage of every cloud security aspect—from initial design to ongoing maintenance. Packed with best practices, it helps you smoothly transition to the public cloud, while keeping your environments secure and compliant.

Apr 2025 16h 4m

CompTIA CySA+ (CS0-003) Certification Guide

CompTIA CySA+ (CS0-003) Certification Guide

Prepare for CompTIA CySA+ (CS0-003) exam with this study guide—covering security ops, incident response, and vulnerability management in depth to level up your cybersecurity career. Includes exam-style questions, 2 practice tests, and flashcards.

Apr 2025 24h 44m

Cyber Security Kill Chain - Tactics and Strategies

Cyber Security Kill Chain - Tactics and Strategies

Learn how the cyber kill chain, a structured model that outlines the stages of a cyberattack, guides you through understanding threat actor behaviors and bolstering their ability to defend against evolving cyber threats.

May 2025 10h 16m