Python Forensics

BT215

Table of Contents

Description

What makes an excellent digital forensics investigator is to have the knowledge and skills to automate forensics stages using the power of the Python programming language. Many laboratories rely on Python to build basic models for predictions and to run experiments. It also helps to control critical operational systems. Python has built-in capabilities to support the digital investigation and protect the integrity of evidence during an investigation.

This training will provide the participant with steppingstones on how to take forensics skills to the next level, combining them with powerful Python scripting.

How to make the most of this course?

In order to succeed in the course, the following requirements must be met:

  • Participation in all practical laboratories
  • Self-work at home between lessons
  • Repetition of materials, self-learning, performing tasks, etc…

In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
A personal computer suitable for running virtual machines, with an Internet connection
Transition of the scenarios in the Cyberium Arena.

Target audience

  • Law enforcement officers & intelligence corps
  • Incident responders
  • Computer investigators
  • IT/network administrators
  • IT security personnel
  • Junior-Cyber forensics analysts

Objectives

  • Learning to work with different modules to accomplish tasks
  • Analyzing artifacts left on a compromised system using Python
  • Performing network traffic monitoring and analyzing logs

Pre-requisites

ThinkCyber Level-1 Courses

Syllabus

Description

During this module, participants will be introduced to the world of Python. They will learn to install Python and its additional modules, write basic scripts, create clients and servers socket, and to work with files.

Technical content

  • Introduction to Python Scripting
    o Installing of Python
    o Python Basics
    ▪ Variables and Booleans
    ▪ Dictionaries and Tuples
    ▪ Conditional Statements
    ▪ While and For Loops
    ▪ Scoping and Subroutines
    ▪ Exceptions, Testing, Comprehensions
    ▪ Files I/O
  • OS and Networks
    o Using PIP to Install Additional Modules
    o The OS Module
    ▪ os.stat()
    ▪ os.walk()
    ▪ os.environ()
    o Sockets
    ▪ Simple HTTP Request
    ▪ Network Client and Server

Description

This module will cover the subject of network forensics; participants will learn to install and work with a variety of network frameworks and tools, as well as network trace analysis and capturing, recovering, and visualizing the traffic.

Technical content

  • Pandas and Scapy
    o Introduction to Scapy
    o Crafting Raw Packets with Scapy
    ▪ Sending DNS Requests
    ▪ Replacing the Default ICMP Payload
    ▪ ARP Packets
    o Communicating with SSL
    o Introduction to Numpy
    ▪ Numpy Basics
    ▪ Universal Functions
    ▪ Boolean Indexing
    o Panda Basics
    ▪ Vector Operations
    ▪ String Operations
    o Panda Dataframe Basics
  • Analyzing Network Traces
    o DSHELL Framework
    o Network Traces Statistics
    o Visualizing Network Traces
    o Converting Pcap to Pandas DataFrame
    o Basic Payload Investigation

Description

Python OS Forensics is a core essential of Python forensics; this module will cover forensics in both of the primary operating systems today, image manipulation, and metadata analysis.

Technical content

  • Python Forensics in Windows
    o Basic File Metadata
    o Data Representation
    o Carving Data and Metadata
    o Analyzing Windows Artifacts
    o Windows Event Logs Handling
  • Python Forensics in Linux
    o The Linux Filesystem
    ▪ Understanding inode
    ▪ File Capabilities
    ▪ Basic File Metadata
    o Analyzing User’s Command-Histories
    o Capturing Images
    o Extracting Object from Image
    o Memory Capture and Analyzes

Description

During this module, participants will learn to deal with advanced networking.

Technical content

  • Advanced Forensics
    o Advanced Networking
    ▪ Replaying Network Traces
    ▪ Preforming Basic Attacks
    o Working with Data
    o TWISTED Python
    ▪ TWISTED Reactor
    ▪ TWISTED Deferreds
    ▪ TWISTED Transport
    o Footprinting Applications

Labs

The following labs are part of the actual BT215 course:
  • Lab 1 Basic Python Scripting
  • Lab 2 Building Remote Connection
  • Lab 3 Panda Basics
  • Lab 4 Analyzing Network with Python
  • Lab 5 Registry
  • Lab 6 Memory
  • Lab 7 Linux Forensics
  • Lab 8 Building a Framework

Real cases studies

BT215

 Course type

This course is delivered in the following ways:

  • Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
  • In situe classroom with proctored labs and scenarios executed in our Cyberium Arena

All sessions are recorded and attendees can replay them  during 30 days. All course material is electronically made available to the participant.

 Course Group:
defense

LEVEL
0%
HOURS
1

 Hands-on / Theory MiX

The following course incorporates a high level of hands-on labs exercises, as well as real life case studies.

Hands-on
1 %
Labs
1
Case Studies
1

Required EqUIPMENT

Network connection

As this course extensively uses a cloud based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.

BYOD – Bring Your Own Device

As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:

  • Audio and Video
  • 8 GB RAM
  • 200 GB Disk Space
  • Virtualization capabilities ( supporting latest version of Virtualbox or similar virtual machine application)

And also a Good Headset with Mic

More Details

Subscribe