This 5-day advanced course takes a hands-on, in-depth look at using Python to process, and aid in the investigation of, data forensically recovered from today’s smartphones. This class is recommended for those familiar with UFED Physical Analyzer or who have completed the CCPA course. Suited for those with little to no knowledge of Python or scripting, the course teaches you the fundamentals of scripting languages and how to incorporate them into your forensic investigations.
You will explore data types and variables, look at strings, input, testing, and formatting. From there, learn about arguments and parameters, along with conditionals and nested conditionals. By the end of the course, you’ll be able to create programs that prompt users for input, use conditional (True/False) logic and Python methods to interpret data from files and provide feedback for your reports. Plus, learn basic troubleshooting for your code.
Introductory Python Scripting
This module introduces you to scripting using the Python language. Python supports all models of forensics, from mobile devices to computers to networks. You can use Python to automate tasks, comb through data, and locate and process the vast amounts of digital evidence we get from devices today. You will work through practical, hands-on exercises using open source software and integrate some scripts into Physical Analyzer. You will learn:
Working with Dates and Times
Making Decisions with Code
Complex Decisions with Code
Repeating Events Until Done
How to Save Information in Files
Reading from Files
Python Forensic Application
In this module you will apply the skills you just learned by incorporating several scripts into a practical case. You may write your own scripts, change some of the ones provided, or both to get the results from your evidence. This enjoyable team exercise lets you expand upon both your forensic and newly honed scripting experience.
Physical Analyzer and Python
This module focuses on learning the basic Python interpreter used by Physical Analyzer. You will apply your newly learned Python skills to reading data from a device extraction and using a basic script to include it in the analysed data.
Identify the Python functionality within PA
Utilize the Python guide for Physical Analyzer
Use a script to extract basic information
Understand how to incorporate your findings into the Analyzed Data section
This module focuses on SQLite database structures and using Python’s SQLite library to interpret and generate a report on your findings.
Identify SQLite databases
Identify SQLite database structures
Explain how data is stored within records
Use Python to extract and analyze binary large object (BLOB) data from databases and process the results
Use Python to search and extract data from SQLite files found in today’s mobile devices
Utilize both Physical Analyzer and open source tools to report on your findings