Python Forensics - 1st Edition - ISBN: 9780124186767, 9780124186835

Python Forensics

1st Edition

A Workbench for Inventing and Sharing Digital Forensic Technology

Author: Chet Hosmer
Paperback ISBN: 9780124186767
eBook ISBN: 9780124186835
Imprint: Syngress
Published Date: 5th June 2014
Page Count: 352

Python Forensics provides many never-before-published proven forensic modules, libraries, and solutions that can be used right out of the box. In addition, detailed instruction and documentation provided with the code samples will allow even novice Python programmers to add their own unique twists or use the models presented to build new solutions.

Rapid development of new cybercrime investigation tools is an essential ingredient in virtually every case and environment. Whether you are performing post-mortem investigation, executing live triage, extracting evidence from mobile devices or cloud services, or you are collecting and processing evidence from a network, Python forensic implementations can fill in the gaps.

Drawing upon years of practical experience and using numerous examples and illustrative code samples, author Chet Hosmer discusses how to:

  • Develop new forensic solutions independent of large vendor software release schedules
  • Participate in an open-source workbench that facilitates direct involvement in the design and implementation of new methods that augment or replace existing tools
  • Advance your career by creating new solutions along with the construction of cutting-edge automation solutions to solve old problems

Key Features

  • Provides hands-on tools, code samples, and detailed instruction and documentation that can be put to use immediately
  • Discusses how to create a Python forensics workbench
  • Covers effective forensic searching and indexing using Python
  • Shows how to use Python to examine mobile device operating systems: iOS, Android, and Windows 8
  • Presents complete coverage of how to use Python scripts for network investigation


Cybercrime and digital forensic investigators, forensic analysts, software developers, e-discovery researchers, security managers. Secondary audience: postgraduate and undergraduate students.

Table of Contents

  • Dedication
  • Acknowledgments
  • Endorsements
  • List of figures
  • About the Author
  • About the Technical Editor
  • Foreword
  • Preface
    • Intended audience
    • Prerequisites
    • Reading this book
    • Supported platforms
    • Download software
    • Comments, questions, and contributions
  • Chapter 1: Why Python Forensics?
    • Abstract
    • Introduction
    • Cybercrime investigation challenges
    • How can the Python programming environment help meet these challenges?
    • Python and the Daubert evidence standard
    • Organization of the book
    • Chapter review
    • Summary questions
  • Chapter 2: Setting up a Python Forensics Environment
    • Abstract
    • Introduction
    • Setting up a Python forensics environment
    • The right environment
    • Choosing a Python version
    • Installing Python on Windows
    • Python packages and modules
    • What is included in the standard library?
    • Third-party packages and modules
    • Integrated development environments
    • Python on mobile devices
    • A virtual machine
    • Chapter review
    • Summary questions
    • Looking ahead
  • Chapter 3: Our First Python Forensics App
    • Abstract
    • Introduction
    • Naming conventions and other considerations
    • Our first application “one-way file system hashing”
    • Code walk-through
    • Results presentation
    • Chapter review
    • Summary questions
    • Looking ahead
  • Chapter 4: Forensic Searching and Indexing Using Python
    • Abstract
    • Introduction
    • Keyword context search
    • Code walk-through
    • Results presentation
    • Indexing
    • Coding isWordProbable
    • p-search complete code listings
    • Chapter review
    • Summary questions
  • Chapter 5: Forensic Evidence Extraction (JPEG and TIFF)
    • Abstract
    • Introduction
    • Code Walk-Through
    • Chapter review
    • Summary questions
  • Chapter 6: Forensic Time
    • Abstract
    • Introduction
    • Adding time to the equation
    • The time module
    • The Network Time Protocol
    • Obtaining and installing the NTP Library ntplib
    • World NTP Servers
    • NTP Client Setup Script
    • Chapter review
    • Summary questions
  • Chapter 7: Using Natural Language Tools in Forensics
    • Abstract
    • What is Natural Language Processing?
    • Installing the Natural Language Toolkit and associated libraries
    • Working with a corpus
    • Experimenting with NLTK
    • Creating a corpus from the Internet
    • NLTKQuery application
    • Chapter review
    • Summary questions
  • Chapter 8: Network Forensics: Part I
    • Abstract
    • Network investigation basics
    • Captain Ramius: re-verify our range to target… one ping only
    • Port scanning
    • Chapter review
    • Summary questions
  • Chapter 9: Network Forensics: Part II
    • Abstract
    • Introduction
    • Packet sniffing
    • Raw sockets in Python
    • Python Silent Network Mapping Tool (PSNMT)
    • PSNMT source code
    • Program execution and output
    • Chapter review
    • Summary question/challenge
  • Chapter 10: Multiprocessing for Forensics
    • Abstract
    • Introduction
    • What is multiprocessing?
    • Python multiprocessing support
    • Simplest multiprocessing example
    • Multiprocessing File Hash
    • Multiprocessing Hash Table generation
    • Chapter review
    • Summary question/challenge
  • Chapter 11: Rainbow in the Cloud
    • Abstract
    • Introduction
    • Putting the cloud to work
    • Cloud options
    • Creating rainbows in the cloud
    • Password Generation Calculations
    • Chapter review
    • Summary question/challenge
  • Chapter 12: Looking Ahead
    • Abstract
    • Introduction
    • Where do we go from here?
    • Conclusion
  • Index


© Syngress 2014

About the Author

Chet Hosmer

Chet Hosmer is the Founder of Python Forensics, Inc., a non-profit organization focused on the collaborative development of open-source investigative technologies using the Python programming language. Chet serves as a visiting professor at Utica College in the Cybersecurity Graduate program, where his research and teaching focus on advanced steganography/data hiding methods and related defenses. He is also an Adjunct Faculty member at Champlain College in the Masters of Science in Digital Forensic Science Program, where he is researching and working with graduate students to advance the application of Python to solve hard problems facing digital investigators.

Chet makes numerous appearances each year to discuss emerging cyber threats, including National Public Radio's Kojo Nnamdi show, ABC's Primetime Thursday, NHK Japan and ABC News Australia. He is also a frequent contributor to technical and news stories relating to cyber security and forensics and has been interviewed and quoted by IEEE, The New York Times, The Washington Post, Government Computer News, DFI News and Wired Magazine.

He is the author of three recent Elsevier/Syngress books: Python Passive Network Mapping (ISBN-13: 978-0128027219), Python Forensics (ISBN-13: 978-0124186767) and Data Hiding (ISBN-13: 978-1597497435), which is co-authored with Mike Raggo. Chet delivers keynote and plenary talks on various cyber security related topics around the world each year.

Affiliations and Expertise

President, Python Forensics, Inc.


"Covering a panoply of techniques from search to network forensics, reading this book will expand the reader’s understanding of both forensics and the Python libraries." --Computing Reviews, December 2014

"Overall, the book is well laid out. The first few chapters cover some important forensic challenges. The code is easy to follow and well commented." --Help Net Security, December 2014
