What's happening in DFIR?

Start Date: November 28, 2021
Event Type: Course
Delivery Method: Online
Start Date: November 28, 2021
Event Type: Course
Delivery Method: Online
Start Date: November 29, 2021
Event Type: Course
Countries: USA
States (USA): California
Delivery Method: Physical location
Start Date: November 29, 2021
Event Type: Course
Delivery Method: Online
Start Date: November 30, 2021
Event Type: Course
Delivery Method: Online
This course is an expert-level four-day training course, designed...
Start Date: November 30, 2021
Event Type: Course
Delivery Method: Online
Start Date: November 30, 2021
Event Type: Course
Delivery Method: Online
Start Date: December 01, 2021
Event Type: Conference
Delivery Method: Online
The 12th Annual Open Source Digital Forensics Conference (OSDFCon)...
Start Date: December 01, 2021
Event Type: Course
Countries: Sweden
Delivery Method: Physical location
This course builds on the knowledge gained from XRY...
Start Date: December 01, 2021
Event Type: Conference
States (USA):
  • Arizona
  • California
  • Colorado
  • Oklahoma
  • Oregon
  • Texas
  • Utah
  • Washington
Delivery Method: Physical location

DFIR Training Blog

Brett Shavers
In short, everything happened at once or in short succession...the DFIR Training site was attacked, practically everything wiped out. The latest ba...
Published Date: November 05, 2021
Brett Shavers
A few years ago, I wrote a blog post on regulation in the Digital Forensics/Incident Response field titled “The last thing we want in DF/IR is the ...
Published Date: June 03, 2021
Brett Shavers
Everything in this post applies to any career field, but I am targeting the DFIR field.  But first, right out of the gate, I am going to blame fa...
Published Date: April 21, 2021
Brett Shavers
This is where the saved minutes take your competence to a much higher level, faster. This is why some consultants can charge $500 an hour or more (...
Published Date: April 13, 2021
Brett Shavers
It’s been 5 years this month since DFIR.training started! From a little RSS feed reader to a full-fledged DFIR resource with lots more to come....
Published Date: March 31, 2021
Brett Shavers
One of those common questions asked by attorneys to the DFIR professional is “Why do you charge so much? All you are doing is pushing buttons.” Th...
Published Date: March 26, 2021
Brett Shavers
Usually, in the “electronic discovery” world, evidence collection consists of simply copying files by a file type and/or from a custodian account...
Published Date: March 02, 2021
Brett Shavers
DFIR Review – Year in Review Jessica Hyde > Hi!  We at DFIR Review wanted to take a moment to share some of the great things all the volunteers ...
Published Date: February 04, 2021
Brett Shavers
What a year 2020 has been! I am not referring to pandemics, toilet paper shortages, earthquakes, UFOs, politics, or even Tiger King. I am talking a...
Published Date: December 30, 2020
Brett Shavers
Only 10 ways? Probably a lot more. But these are the top 10 that I have seen (some that I have experienced!) that can make a DFIR case go in a dire...
Published Date: July 31, 2019

Python Digital Forensics Cookbook: Effective Python recipes for digital investigations


Key Features

  • Develop code that extracts vital information from everyday forensic acquisitions.
  • Increase the quality and efficiency of your forensic analysis.
  • Leverage the latest resources and capabilities available to the forensic community.

Book Description

Technology plays an increasingly large role in our daily lives and shows no sign of stopping. Now, more than ever, it is paramount that an investigator develops programming expertise to deal with increasingly large datasets.

By leveraging the Python recipes explored throughout this book, we make the complex simple, quickly extracting relevant information from large datasets. You will explore, develop, and deploy Python code and libraries to provide meaningful results that can be immediately applied to your investigations. Throughout the Python Digital Forensics Cookbook, recipes include topics such as working with forensic evidence containers, parsing mobile and desktop operating system artifacts, extracting embedded metadata from documents and executables, and identifying indicators of compromise. You will also learn to integrate scripts with Application Program Interfaces (APIs) such as VirusTotal and PassiveTotal, and tools such as Axiom, Cellebrite, and EnCase.

By the end of the book, you will have a sound understanding of Python and how you can use it to process artifacts in your investigations.

What you will learn

  • Understand how Python can enhance digital forensics and investigations
  • Learn to access the contents of, and process, forensic evidence containers
  • Explore malware through automated static analysis
  • Extract and review message contents from a variety of email formats
  • Add depth and context to discovered IP addresses and domains through various Application Program Interfaces (APIs)
  • Delve into mobile forensics and recover deleted messages from SQLite databases
  • Index large logs into a platform to better query and visualize datasets

About the Author

Preston Miller is a consultant at an internationally recognized risk management firm. He holds an undergraduate degree from Vassar College and a master's degree in Digital Forensics from Marshall University. While at Marshall, Preston unanimously received the prestigious J. Edgar Hoover Foundation's Scientific Scholarship. He is a published author, recently of Learning Python for Forensics, an introductory Python Forensics textbook. Preston is also a member of the GIAC advisory board and holds multiple industry-recognized certifications in his field.

Chapin Bryce works as a consultant in digital forensics, focusing on litigation support, incident response, and intellectual property investigations. After studying computer and digital forensics at Champlain College, he joined a firm leading the field of digital forensics and investigations. In his downtime, Chapin enjoys working on side projects, hiking, and skiing (if the weather permits). As a member of multiple ongoing research and development projects, he has authored several articles in professional and academic publications.

Table of Contents

  1. Working with System/File Info
  2. A Deep Dive into Mobile Forensics
  3. Extracting Embedded Metadata
  4. Exploring Networking and Indicators of Compromise
  5. Reading Emails and Taking Names
  6. Forensic Evidence
  7. Log Based Artifacts
  8. Exploring Windows Forensic Artifact
  9. Exploring Windows Forensic Artifact
  10. Creating Artifact Report

Product details

  • Publisher: Packt Publishing (September 26, 2017)
  • Language: English
  • Paperback: 412 pages
  • ISBN-10: 1783987464
  • ISBN-13: 978-1783987467

Chapin Bryce

Chapin Bryce is a consultant at a global firm that is a leader in digital forensics and incident response investigations. After graduating from Champlain College with a bachelor's degree in computer and digital forensics, Chapin dove into the field of digital forensics and incident response joining the GIAC advisory board and earning four GIAC certifications: GCIH, GCFE, GCFA, and GNFA. As a member of multiple ongoing research and development projects, he has authored several books and articles in professional and academic publications, including Python Digital Forensics Cookbook (Forensic 4:Cast Digital Forensics Book of the Year, 2018), Learning Python for Forensics, First Edition, and Digital Forensic Magazine.