Scripting for Digital Forensic Investigators

This class is offered in partnership with INSIG2, one of Europe’s leading digital forensic and integrated security educational providers.

About the Class

Our 5-day Scripting for Digital Forensic Investigators course has been designed for students with no prior programming experience; however, it is recommended that students have experience working with digital forensic software.

In this course students will be provided with an introduction to:

  • the basics of programming,
  • using programming languages,
  • a basic understanding of algorithmic principles, planning, preparation, and execution of program code.

Students will develop fundamental skills needed for understanding and working with data structures, program control, and operators. Class assignments include the preparation of small program segments, working both in a group environment and independently, and build the practical skills students need to start scripting. This course is essential for digital forensics specialists willing to explore more possibilities when acquiring digital data from large data sources.

Course Objectives:

  • Understand simple algorithms and create programs using metalanguage.
  • Create algorithms of simple processes in digital forensics.
  • Understand the model of object-oriented programming.
  • Use a Python IDE and digital forensics libraries.
  • Understand and work with basic data types and structures within the Python programming language.
  • Use basic operators, conditions and loops.
  • Write functions and know how to accept values through parameters.
  • Create and use classes and objects.
  • Understand method overriding and how to extend existing classes – polymorphism.
  • Understand and modify existing programs according to their needs.
  • Understand and apply good coding practices and defensive programming.
  • Write and use programs that automate common tasks during forensic examinations which can help the investigator by making retrieval of evidence faster and reducing the amount of undiscovered evidence.

Prerequisites:

No previous programming knowledge or skills are required; however, it is recommended that students have experience working with digital forensic software.

Course Outline

Day 1

Participants will get an overview of the history of computer development. The Von Neumann model of computing and data processing will be introduced and explained. Concepts of metalanguage will be explained, and participants will write simple programs for calculation in metalanguage. They will also get acquainted with Python and a Python IDE.

  • Understand the basics of computer technology.
  • Learn basic concepts of programming.
  • Understand and create programs using metalanguage.
  • Create algorithms of simple processes in digital forensics.
  • Understand the model of procedural and object-oriented programming.
  • Learn how to install different versions of Python.
  • Use a Python IDE and digital forensics libraries.

Day 2

Day two deals with: lists, dictionaries, strings, and other data types and structures. We cover working with operators, flow control and files. Finally, participants will learn how to create and work with functions.

  • Understand basic data types and structures within the Python programming language.
  • Understand files and basic file operations.
  • Store Python objects in files (serialization).
  • Use basic operators, conditions and loops.
  • Use sequence functions and operators.
  • Index and slice sequences.
  • Work with dictionaries and dictionary items.
  • Write functions and accept values through parameters.
  • Work with global variables and constants.

Day 3

Day three deals with the object-oriented approach. It covers classes, objects, polymorphism, and function overriding and overloading using simple real-life examples with hands-on exercises.

  • Understand the terms object and object-oriented programming.
  • Understand how and why objects are used in programming languages.
  • Create and use objects.
  • Make objects communicate with each other.
  • Create complex objects by combining simpler ones.
  • Understand and use method overriding, overloading and how to extend existing classes – polymorphism.

Day 4

During day 4, participants will play, write and use several programs that utilize important programming concepts learned in previous lessons. Participants will use the Python programming language, and the trainers will provide assistance.

  • Understand existing programs.
  • Modify existing programs as needed.
  • Divide problems into a series of simpler problems and write programs to solve them.
  • Understand and apply good coding practices and defensive programming.
  • Show examples of some programs that can be used during forensics investigations.
  • Write and use programs that automate common tasks during forensic examinations.

Day 5

Day 5 continues the work started on the previous day. Additional forensic programs will be created and explained. Day 5 also covers Python integration with other forensic tools. The last part of day 5 is reserved for evaluation.

  • Continuing exercises from the previous day.
  • Python integration with other forensic tools.
  • Student evaluation.
  • Exam.

Upcoming Dates