Chet Hosmer - PowerShell and Python Together

Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub via the books product page, located at www.apress.com/9781484245033 . For more detailed information, please visit http://www.apress.com/source-code .

The endeavor to integrate PowerShell and Python came about a couple of years ago. I was providing training for a large utility and began by teaching the members of the secure operations center, or SOC, on how to apply Python scripts during investigations and incident response. A few months later, they asked for similar training this time using PowerShell as the scripting engine for the SOC team. Based on this, I quickly realized that PowerShell was perfect for acquisition of information across the enterprise, and Python was good at performing analysis of data that had been acquired by other tools.

Now, of course, PowerShell advocates will say that PowerShell scripts can be developed to perform detailed analysis. Likewise, Python advocates will say Python scripts can be developed to perform very capable evidence acquisition. I agree with both advocates but only to a point. The real question is if we combine the best of both environments, does 1 + 1 = 2 or does 1 + 1 = 11? I believe that the answer falls somewhere in the middle.

Thus, the purpose of the book along with the research and experimentation that went into it was to build a model, in fact two models, to integrate and leverage the best capabilities of Python and PowerShell and apply the result to digital investigation . It is important to note that this is a work in progress. I believe that the continued development of advanced PowerShell and Python capabilities that leverage the models provided here has great potential and should be pursued.

Therefore, I encourage you to experiment with the models that I have presented here and use them to develop new solutions that are desperately needed to acquire and analyze evidence collected before, during, and after a cyber incident, a cyber breach, as well as physical or cybercrimes . I also encourage you to share your work and innovations with others in our field to benefit those that fight cybercrime every day.

Im deeply appreciative of Joe Giordano, the driving force behind cybersecurity research and development, and ultimately education for the past four decades. Your quiet, humble, and persistent work has and is making a true impact on the security of our nation.

I want to thank Scott vonFischer, Tony Ombrellaro, and Dave Bang for providing the catalyst for this book. Your forward thinking, ensuring that your teams learn and apply the latest scripting environments to solve challenging problems in forensics and incident response, has been a true inspiration.

To my students at Utica and Champlain colleges, who constantly surprise, challenge, and inspire me to find new ways to share my decades of experience in software and scripting development to tackle the challenges of cybercrime investigation.

To Dr. Gary Kessler for his tireless validation of my scripts and writing. He always delivers sound advice on how to make both better.

To the whole team at Apress, especially Rita Fernando and Laura Berendson, for your constant encouragement, dedication, and patience throughout this project.

To my wonderful wife Janet, who always provides me with insights and a point of view about a challenge that I never thought of. These insights often, if not always, lead to new solutions and approaches that constantly improve my work.