Using Python to Further Your Digital Forensic Investigations
They say there is no one tool that can do everything during a forensic examination. The solution: Create your own tools!
Learn to create your own mobile device forensic tools with Python Programming. Despite the best efforts of today’s existing forensics tools, they’re unable to support every device and every app. Eventually (if it hasn’t happened already), the data critical to your examination will be passed over by your existing tools. Don’t let it happen! If you’re lucky, you’ve found the data…but now what?
Using Python to target the information you’re seeking can be the most efficient and effective way to search through the data. Our new Python for Forensics course teaches the fundamentals of Python, and offers a catalog applicable scripts to help the digital forensic examiner with some of today’s most common and challenging apps.
This course is very “hands on” and includes numerous practical exercises. While this course will focus on data obtained from mobile devices, the skills learned will be very similar for working with any type of data (e.g., computer instant messenger logs).
After a brief recap of numbering systems (binary, decimal, and hexadecimal), data types/sizes, and endian, we cover numbers, strings, fixed and variable length records, common file storage formats, and manual analysis of data. A handful of analysis tools (all included with tuition) are covered to demonstrate how they can help in your analysis of data structures.
Introduction to Programming with Python
This part of the course covers the basics of setting up and programming with Python version 3. The focus of this part is to familiarize yourself with the core features of Python 3.
Python Programming for Mobile Forensics
After learning the basics of Python 3, we will use what was learned during Analysis of Data Structures to create a Python script that will analyze your data and create custom output or a report detailing this information. Additionally, while not a core part of this course, sample Cellebrite Python scripts will be briefly covered for students wanting to use Cellebrite’s existing reporting features.
Students will receive a complimentary copy of Hex Editor Neo Pro to use in class and take home with them.
This course will require a significant amount of typing, and students should be comfortable typing at an average speed. While no programming experience is required, this is an intermediate to advanced course. If you have any questions, please contact us.
Laptop Minimum Requirements
Students will need to bring their own laptops whenever possible. If this is not possible, TeelTech will provide one for you. If you do plan on bringing your own laptop, indicate so on the registration page and please ensure they meet the following requirements.