Python Forensics
A Workbench for Inventing and Sharing Digital Forensic Technology
First Edition
Chet Hosmer
Technical Editor: Gary C. Kessler
Copyright
Acquiring Editor: Steve Elliot
Editorial Project Manager: Benjamin Rearick
Project Manager: Priya Kumaraguruparan
Designer: Mark Rogers
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
Copyright 2014 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Application Submitted
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
ISBN: 978-0-12-418676-7
For information on all Syngress publications, visit our website at store.elsevier.com/syngress
Printed and bound in the United States of America
14 15 16 17 18 10 9 8 7 6 5 4 3 2 1
Dedication
To my wife Janet, for your love, kindness, patience, and inspiration that you give every day. I am the luckiest guy in the world.
Acknowledgments
My sincere thanks go to:
Dr. Gary Kessler, the technical editor for this book. Gary, your insights, fresh perspective, deep technical understanding, and guidance added great value to the book. Your constant encouragement and friendship made the process enjoyable.
Ben Rearick and Steve Elliot at Elsevier, for your enthusiasm for this topic and all the guidance and support along the way. This spirit helped more than you can know.
The many teachers that I have had over the years in software development and forensics that have helped shape the content of this book. Ron Stevens, Tom Hurbanek, Mike Duren, Allen Guillen, Rhonda Caracappa, Russ Rogers, Jordon Jacobs, Tony Reyes, Amber Schroader, and Greg Kipper.
Joe Giordano, who had the vision in 1998 to create the first U.S. Air Force research contract to study forensic information warfare. This one contract was the catalyst for many new companies, novel innovations in the field, the establishment of the digital forensic research workshop (DFRWS), and the computer forensic research and development center at Utica College. You are a true pioneer.
Endorsements
Not only does Hosmer provide an outstanding Python forensics guide for all levels of forensics analysis, but also he insightfully illustrates the foundation of a rich collaborative environment that significantly advances the forensic capabilities of the individual, organization, and forensic community as a whole. For analysts, investigators, managers, researchers, academics, and anyone else with an interest in digital forensics: this is a must read!
Michael Duren (CISSP), Founder of Cyber Moxie
With today's rapid changes in technology, digital forensics tools and practices are being forced to change quickly just to remain partially effective, and the technical skills investigators relied on yesterday are quickly becoming obsolete. However, with new technology comes new tools and methods, and the Python language is in one of the best possible positions to be leveraged by investigators. Python Forensics is quite simply a book that is ahead of its time, and because of this, it is the perfect book for both the beginner and the experienced investigator. Chet Hosmer does a great job of helping the reader refresh older skills and create new ones by offering step-by-step instructions and intelligently framing the information for maximum understanding and contextual awareness. The skills you will learn from Python Forensics will help you develop a flexible and innovative toolkit that will be usable for years to come.
Greg Kipper, Senior Security Architect and Strategist at Verizon
This book presents a refreshing, realistic view on the use of Python within modern, digital forensics; including valuable insight into the strengths and weaknesses of the language that every knowledgeable forensics investigator should understand.
Russ Rogers, President of Peak Security, Inc.
This book is extremely useful for the forensic Python programmer and also for those with little or no programming experience, and an excellent reference cookbook for the experienced programmer. The book considers issues relating to Daubert, including testing and validation, which is vital for the accreditation of forensic solutions.
Zeno Geradts, Senior Forensic Scientist and R&D coordinator at the Netherlands Forensic Institute
As always, Chet Hosmer provides a comprehensive and groundbreaking evaluation of a contemporary platform applicable to digital forensics. Extremely well written and user friendly, the book provides a solid foundation for all levels of forensic Python programmers, and includes a much-needed discussion on empirical validation. Quite simply, the book is a must have for all who maintain a digital forensics library.
Dr. Marjie T. Britz, Clemson University
About the Author
Chet Hosmer is a Founder and Chief Scientist at WetStone Technologies, Inc. Chet has been researching and developing technology and training surrounding forensics, digital investigation, and steganography for over two decades. He has made numerous appearances to discuss emerging cyber threats including National Public Radio's Kojo Nnamdi show, ABC's Primetime Thursday, NHK Japan, Crime Crime TechTV, and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to cyber security and forensics and has been interviewed and quoted by IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com, and Wired Magazine.