Python Forensics for Digital Forensic Investigators
Using Python to Further Your Digital Forensic Investigations
They say there is no one tool that can do everything during a forensic examination. The solution? Create your own tools!
Learn to create your own mobile device forensic tools with Python programming. Despite the best efforts of today’s existing forensics tools, they’re unable to support every device and every app. Eventually (if it hasn’t happened already), the data critical to your examination will be passed over by your existing tools. Don’t let it happen! If you’re lucky, you’ve found the data…but now what?
Using Python to target the information you’re seeking can be the most efficient and effective way to search through the data. Our new Python for Forensics course teaches the fundamentals of Python and offers a catalogue of applicable scripts to help the digital forensic examiner with some of today’s most common and challenging apps.
This course is very “hands-on” and includes numerous practical exercises. While this course will focus on data obtained from mobile devices, the skills learned will be very similar for working with any type of data (e.g., computer instant messenger logs).
Students will receive a complimentary copy of Hex Editor Neo Pro to use in class and take home with them.
This course will require a significant amount of typing, and students should be comfortable typing at an average speed. While no programming experience is required, this is an intermediate/advanced course. If you have any questions, please contact us.
- Course Code: AT-PYTHON
- Duration: 5 Days
- Laptop Required?: Yes
- This class is open to all forensic professionals.
- *Please Note: Due to the sensitive nature of our curriculum and industry, all potential students are subject to vetting prior to enrollment. We reserve the right to refuse registration to any person who does not meet our established criteria.
What Will I Learn?
Analysis of Data Structures
After a brief recap of numbering systems (binary, decimal, and hexadecimal), data types/sizes, and endianness, we cover numbers, strings, fixed- and variable-length records, common file storage formats, and manual analysis of data. A handful of analysis tools (all included with tuition) are covered to demonstrate how they can help in your analysis of data structures.
Intro to Programming with Python
This part of the course covers the basics of setting up and programming with Python version 3. The focus is on familiarizing students with the core features of Python 3.
Programming for Mobile Forensics
After learning the basics of Python 3, we will use what was learned during Analysis of Data Structures to create a Python script that will analyze your data and create custom output or a report detailing this information. Additionally, while not a core part of this course, sample Cellebrite Python scripts will be briefly covered for students wanting to use Cellebrite’s existing reporting features.
We prefer students bring their own laptops whenever possible. If this is not possible, Teel Tech Canada will provide one for you. If you are unable to bring your own laptop, please indicate so on the registration page.
For students bringing a laptop to class, please ensure it meets the following minimum requirements:
- Windows 7
- Windows 8.x and 10.x using these instructions (turn off driver signature enforcement)
- macOS with Bootcamp Windows 7
- macOS with Bootcamp Windows 8.x and Win 10.x using these instructions
- macOS alone will not work (No Virtual Machines)
- 8GB RAM (minimum)
- 100GB storage (minimum)
- You must have Admin rights or have the admin password for software installation.
- NOTE: ALL Windows updates should be done prior to class.