Why use Python in Digital Forensics?
Commercially available digital forensics tools, while absolutely essential, are not always agile enough to keep pace with the latest developments in new technology.
When one of these tools has a gap in its capabilities, being able to use a python scripting language, can significantly reduce the complexity and inefficiency involved in completing that task manually. Whether it’s parsing raw binary data untouched by other tools, reading information from databases and generating reports or moving files into a folder structure based on their content, Python offers a way to automate these tasks.
A scripting language such as Python should be an essential item in a Digital Forensic Practitioner’s toolkit. It has the combination of power, expressiveness and ease of use that makes it a necessary addition to the traditional, off-the-shelf digital forensic tools.
Who should attend?
High Tech Crime Units. Forensic Analysts and Investigators.
- gain an understanding of the core “atoms” which make up a programming language
- build knowledge of Python syntax, data structures and idioms through programming tasks
- develop skills around the core areas of file and file-system handling, text and binary parsing which provide a foundation for many Python scripts
- apply the principles and techniques to write and interact with Python syntax and core keywords/functions effectively
Course Overview: Introductory Course
This course is designed as an introduction to Python scripting language which is a powerful, easy to learn and user friendly programming language. It has many features which lend themselves to use in Digital Forensics. This course will demonstrate how Python can automate time-consuming but necessary tasks, such as parsing raw binary data untouched by other tools, reading information from databases and generating reports, and moving files into a folder structure based on their content. Therefore saving valuable time and allowing a more focused approach to analyse the data.
- Day 1
- understand what Python is and what it can be used for
- setting up a Python coding environment
- the building blocks of programming languages and understanding program flow
- Python syntax and core keywords/functions
- Pythonic Idioms
- Day 2
- file handling
- file system operations
- text processing
- binary processing
Introductory Course – 2 Days
13th and 14th September 2017
14th and 15th November 2017
Introductory: £1295 + VAT
Course overview: Intermediate Course
This course is designed to expand on the content covered in the Python Introductory Course. Delegates will encounter and learn to use a number of built-in and third party libraries useful for digital forensics practitioners, such as those used for binary parsing, SQLite databases, XML and JSON data formats, as well as furthering their understanding of some of the key concepts in Python.
- Day 1
- refresh and review core concepts
- SQLite database access
- dealing with timestamps
- JSON and the Dictionary data type
- parsing and extracting data from XML
- Day 2
- finding, installing and managing 3rd Party Modules
- image and image metadata processing using “Pillow”
- “screen scraping” webpages with Beautiful Soup
- encryption and decryption with PyCrypto
- practical challenges
Intermediate Course – 2 Days
25th and 26th October 2017
Intermediate: £1295 + VAT
CCL Training Academy in Stratford-upon-Avon, we can also provide on-site training for groups.
How to book
Booking for this course will be done directly through the CCL Training Academy.
Places will be allocated on a first come, first served basis and we reserve the right to cancel this course if we do not secure a minimum number of delegates.
*Discounts are available for the Police and Law Enforcement agencies and group bookings.