Important Artifacts In Windows-I

This chapter explains the concepts involved in Microsoft Windows forensics and the important artifacts that an investigator can obtain during an investigation.

Introduction

Artifacts are the objects or areas within a computer system that hold important information about the activities performed by the computer user. The type and location of this information depend on the operating system. During forensic analysis, these artifacts play a very important role in confirming or refuting the investigator's observations.

Importance of Windows Artifacts for Forensics

Windows artifacts are significant for the following reasons:

- Around 90% of the traffic in the world comes from computers using Windows as their operating system. That is why Windows artifacts are essential for digital forensics examiners.
- The Windows operating system stores different types of evidence related to user activity on the computer system. This is another reason why Windows artifacts matter for digital forensics.
- Investigators often center an investigation on old and traditional areas such as user-created data. Windows artifacts can lead the investigation towards non-traditional areas such as system-created data.
- Windows provides a great abundance of artifacts, which are helpful for investigators as well as for companies and individuals performing informal investigations.
- The increase in cyber-crime in recent years is another reason that Windows artifacts are important.

Windows Artifacts and their Python Scripts

This section discusses some Windows artifacts and the Python scripts used to fetch information from them.

Recycle Bin

The Recycle Bin is one of the important Windows artifacts for forensic investigation. It contains the files that have been deleted by the user but not yet physically removed by the system.
Even if the user completely removes the file from the system, the Recycle Bin remains an important source of evidence. This is because the examiner can extract valuable information from the deleted files, such as the original file path and the time the file was sent to the Recycle Bin.

Note that the storage of Recycle Bin evidence depends upon the version of Windows. The following Python script deals with Windows 7, which creates two files: a $R file that contains the actual content of the recycled file and a $I file that contains the original file name, path and file size at the time the file was deleted.

For the Python script we need to install the third-party modules pytsk3, pyewf and unicodecsv. We can use pip to install them.

We can follow these steps to extract information from the Recycle Bin:

- First, recursively scan the $Recycle.bin folder and select all the files starting with $I.
- Next, read the contents of those files and parse the available metadata structures.
- Then, search for the associated $R file.
- Finally, write the results into a CSV file for review.

Let us see how to use Python code for this purpose.

First, we need to import the following Python libraries:

    from __future__ import print_function
    import argparse
    import datetime
    import os
    import struct
    from utility.pytskutil import TSKUtil
    import unicodecsv as csv

Next, we need to provide arguments for the command-line handler. Note that it accepts three arguments: the first is the path to the evidence file, the second is the type of evidence file and the third is the desired output path for the CSV report, as shown below:

    if __name__ == "__main__":
        parser = argparse.ArgumentParser("Recycle Bin evidences")
        parser.add_argument("EVIDENCE_FILE", help="Path to evidence file")
        parser.add_argument("IMAGE_TYPE", help="Evidence file format",
                            choices=("ewf", "raw"))
        parser.add_argument("CSV_REPORT", help="Path to CSV report")
        args = parser.parse_args()
        main(args.EVIDENCE_FILE, args.IMAGE_TYPE, args.CSV_REPORT)

Now, define the main() function that will handle all the processing. It searches for $I files as follows:

    def main(evidence, image_type, report_file):
        tsk_util = TSKUtil(evidence, image_type)
        dollar_i_files = tsk_util.recurse_files("$I", path="/$Recycle.bin",
                                                logic="startswith")

        if dollar_i_files is not None:
            processed_files = process_dollar_i(tsk_util, dollar_i_files)
            write_csv(report_file,
                      ["file_path", "file_size", "deleted_time",
                       "dollar_i_file", "dollar_r_file", "is_directory"],
                      processed_files)
        else:
            print("No $I files found")

If $I files are found, they are passed to the process_dollar_i() function, which accepts the tsk_util object as well as the list of $I files, as shown below:

    def process_dollar_i(tsk_util, dollar_i_files):
        processed_files = []

        for dollar_i in dollar_i_files:
            # dollar_i is (name, path, file object); parse the $I metadata
            file_attribs = read_dollar_i(dollar_i[2])
            if file_attribs is None:
                continue
            file_attribs["dollar_i_file"] = os.path.join(
                "/$Recycle.bin", dollar_i[1][1:])

Now, search for the $R files as follows (this continues the body of the for loop above):

            recycle_file_path = os.path.join(
                "/$Recycle.bin", dollar_i[1].rsplit("/", 1)[0][1:])
            dollar_r_files = tsk_util.recurse_files(
                "$R" + dollar_i[0][2:], path=recycle_file_path,
                logic="startswith")

            if dollar_r_files is None:
                # No $R file: check whether the recycled item is a directory
                dollar_r_dir = os.path.join(recycle_file_path,
                                            "$R" + dollar_i[0][2:])
                dollar_r_dirs = tsk_util.query_directory(dollar_r_dir)
                if dollar_r_dirs is None:
                    file_attribs["dollar_r_file"] = "Not Found"
                    file_attribs["is_directory"] = "Unknown"
                else:
                    file_attribs["dollar_r_file"] = dollar_r_dir
                    file_attribs["is_directory"] = True
            else:
                dollar_r = [os.path.join(recycle_file_path, r[1][1:])
                            for r in dollar_r_files]
                file_attribs["dollar_r_file"] = ";".join(dollar_r)
                file_attribs["is_directory"] = False
            processed_files.append(file_attribs)
        return processed_files

Now, define the read_dollar_i() method to read the $I files, in other words, to parse the metadata. We use the read_random() method to read the first eight bytes, which hold the signature. The function returns None if the signature does not match. If the file is a valid $I file, we then read and unpack its values.

    def read_dollar_i(file_obj):
        # The first eight bytes of a Windows 7 $I file are 01 00 00 00 00 00 00 00
        if file_obj.read_random(0, 8) != b"\x01\x00\x00\x00\x00\x00\x00\x00":
            return None

        raw_file_size = struct.unpack("<q", file_obj.read_random(8, 8))
        raw_deleted_time = struct.unpack("<q", file_obj.read_random(16, 8))
        raw_file_path = file_obj.read_random(24, 520)

After extracting these values, we need to interpret the integers as human-readable values by using the sizeof_fmt() and parse_windows_filetime() functions, as shown below (this continues the body of read_dollar_i()):

        file_size = sizeof_fmt(raw_file_size[0])
        deleted_time = parse_windows_filetime(raw_deleted_time[0])
        # The path is stored as little-endian UTF-16, padded with NULs
        file_path = raw_file_path.decode("utf-16-le").strip("\x00")
        return {"file_size": file_size, "file_path": file_path,
                "deleted_time": deleted_time}

Now, we need to define the sizeof_fmt() function as follows:

    def sizeof_fmt(num, suffix="B"):
        for unit in ["", "Ki", "Mi", "Gi", "Ti", "Pi", "Ei", "Zi"]:
            if abs(num) < 1024.0:
                return "%3.1f%s%s" % (num, unit, suffix)
            num /= 1024.0
        return "%.1f%s%s" % (num, "Yi", suffix)

Now, define a function that interprets the integer as a formatted date and time as follows:

    def parse_windows_filetime(date_value):
        # FILETIME counts 100-nanosecond intervals since 1601-01-01
        microseconds = float(date_value) / 10
        ts = datetime.datetime(1601, 1, 1) + datetime.timedelta(
            microseconds=microseconds)
        return ts.strftime("%Y-%m-%d %H:%M:%S.%f")

Now, we will define write_csv() method
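The chapter notes that Recycle Bin storage depends on the Windows version, while read_dollar_i() accepts only the Windows 7 layout. The following added example (not part of the original tutorial) goes one step further and parses raw $I bytes in both the version 1 layout described above and the version 2 layout used by Windows 10, where a 4-byte length field replaces the fixed 520-byte path buffer. The names parse_dollar_i and build_sample and the sample records are assumptions made for the illustration.

```python
import datetime
import struct

FILETIME_EPOCH = datetime.datetime(1601, 1, 1)


def filetime_to_datetime(value):
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime.

    Returns None when the value falls outside what datetime can represent,
    which happens with corrupted or deliberately altered records.
    """
    try:
        return FILETIME_EPOCH + datetime.timedelta(microseconds=value // 10)
    except OverflowError:
        return None


def parse_dollar_i(data):
    """Parse the raw bytes of a $I file and return its metadata as a dict.

    Raises ValueError for a short buffer or an unknown format version.
    """
    if len(data) < 24:
        raise ValueError("too short for a $I header: %d bytes" % len(data))
    version, size, deleted = struct.unpack_from("<qqq", data, 0)

    if version == 1:
        # Windows Vista/7: fixed 520-byte buffer (260 UTF-16 code units).
        expected = 520
        raw_path = data[24:24 + expected]
    elif version == 2:
        # Windows 10: length in UTF-16 code units, then the path itself.
        if len(data) < 28:
            raise ValueError("version 2 record has no path length field")
        (n_units,) = struct.unpack_from("<I", data, 24)
        expected = n_units * 2
        raw_path = data[28:28 + expected]
    else:
        raise ValueError("unsupported $I version: %d" % version)

    truncated = len(raw_path) < expected
    raw_path = raw_path[:len(raw_path) & ~1]      # drop a dangling odd byte
    # Cut at the first NUL: bytes after the terminator are slack, not path.
    path = raw_path.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    return {
        "version": version,
        "file_size": size,
        "deleted_time": filetime_to_datetime(deleted),
        "file_path": path,
        "truncated": truncated,
    }


def build_sample(version, path, size, filetime):
    """Build a constructed $I record for testing; this is not real evidence."""
    name = (path + "\x00").encode("utf-16-le")
    head = struct.pack("<qqq", version, size, filetime)
    if version == 1:
        # Non-zero filler after the terminator simulates residue in the buffer.
        return head + name.ljust(520, b"\xaa")
    return head + struct.pack("<I", len(name) // 2) + name


if __name__ == "__main__":
    # 132223104000000000 is the FILETIME for 2020-01-01 00:00:00 UTC.
    for ver in (1, 2):
        sample = build_sample(ver, "C:\\Users\\analyst\\Desktop\\notes.txt",
                              2048, 132223104000000000)
        print(parse_dollar_i(sample))
```

Cutting the path at the first NUL, rather than stripping NULs from both ends, keeps residue that follows the terminator in the version 1 buffer out of the reported path.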

Important Artifacts In Windows-III

This chapter explains further artifacts that an investigator can obtain during forensic analysis on Windows.

Event Logs

Windows event log files, as the name suggests, are special files that store significant events, such as when a user logs on to the computer, when a program encounters an error, system changes, RDP access, application-specific events and so on. Investigators are always interested in event log information because it provides a lot of useful historical information about access to the system. The following Python script processes both the legacy and the current Windows event log formats.

For the Python script, we need to install the third-party modules pytsk3, pyewf, unicodecsv, pyevt and pyevtx. We can follow the steps given below to extract information from event logs:

- First, search for all the event logs that match the input argument.
- Then, perform file signature verification.
- Now, process each event log found with the appropriate library.
- Lastly, write the output to a spreadsheet.

Python Code

Let us see how to use Python code for this purpose.

First, import the following Python libraries:

    from __future__ import print_function
    import argparse
    import unicodecsv as csv
    import os
    import pytsk3
    import pyewf
    import pyevt
    import pyevtx
    import sys
    from utility.pytskutil import TSKUtil

Now, provide the arguments for the command-line handler. Note that it accepts three arguments: the first is the path to the evidence file, the second is the type of evidence file and the third is the name of the event log to process.

    if __name__ == "__main__":
        parser = argparse.ArgumentParser("Information from Event Logs")
        parser.add_argument("EVIDENCE_FILE", help="Evidence file path")
        parser.add_argument("TYPE", help="Type of Evidence",
                            choices=("raw", "ewf"))
        parser.add_argument(
            "LOG_NAME",
            help="Event Log Name (SecEvent.Evt, SysEvent.Evt, etc.)")
        parser.add_argument(
            "-d", help="Event log directory to scan",
            default="/WINDOWS/SYSTEM32/WINEVT")
        parser.add_argument(
            "-f", help="Enable fuzzy search for either evt or evtx extension",
            action="store_true")
        args = parser.parse_args()

        if os.path.exists(args.EVIDENCE_FILE) and \
                os.path.isfile(args.EVIDENCE_FILE):
            main(args.EVIDENCE_FILE, args.TYPE, args.LOG_NAME, args.d, args.f)
        else:
            print("[-] Supplied input file {} does not exist or is not a "
                  "file".format(args.EVIDENCE_FILE))
            sys.exit(1)

Now, create the TSKUtil object and use it to check that the user-supplied path exists and to find the event logs. This is done in the main() method as follows:

    def main(evidence, image_type, log, win_event, fuzzy):
        tsk_util = TSKUtil(evidence, image_type)
        event_dir = tsk_util.query_directory(win_event)

        if event_dir is not None:
            if fuzzy is True:
                event_log = tsk_util.recurse_files(log, path=win_event)
            else:
                event_log = tsk_util.recurse_files(
                    log, path=win_event, logic="equal")

            if event_log is not None:
                event_data = []
                for hit in event_log:
                    event_file = hit[2]
                    temp_evt = write_file(event_file)

Now, we need to perform signature verification. Before that, define a method that writes the entire content of the event log to the current directory:

    def write_file(event_file):
        # Binary mode: the event log content is raw bytes
        with open(event_file.info.name.name, "wb") as outfile:
            outfile.write(event_file.read_random(0, event_file.info.meta.size))
        return event_file.info.name.name

The signature verification and record processing continue the body of the for loop in main():

                    if pyevt.check_file_signature(temp_evt):
                        # Legacy .evt format
                        evt_log = pyevt.open(temp_evt)
                        print("[+] Identified {} records in {}".format(
                            evt_log.number_of_records, temp_evt))

                        for i, record in enumerate(evt_log.records):
                            strings = ""
                            for s in record.strings:
                                if s is not None:
                                    strings += s + "\n"
                            event_data.append([
                                i, hit[0], record.computer_name,
                                record.user_security_identifier,
                                record.creation_time, record.written_time,
                                record.event_category, record.source_name,
                                record.event_identifier, record.event_type,
                                strings, "",
                                os.path.join(win_event, hit[1].lstrip("//"))
                            ])
                    elif pyevtx.check_file_signature(temp_evt):
                        # Current .evtx format
                        evtx_log = pyevtx.open(temp_evt)
                        print("[+] Identified {} records in {}".format(
                            evtx_log.number_of_records, temp_evt))

                        for i, record in enumerate(evtx_log.records):
                            strings = ""
                            for s in record.strings:
                                if s is not None:
                                    strings += s + "\n"
                            event_data.append([
                                i, hit[0], record.computer_name,
                                record.user_security_identifier, "",
                                record.written_time, record.event_level,
                                record.source_name, record.event_identifier,
                                "", strings, record.xml_string,
                                os.path.join(win_event, hit[1].lstrip("//"))
                            ])
                    else:
                        print("[-] {} not a valid event log. Removing temp "
                              "file...".format(temp_evt))
                        os.remove(temp_evt)
                        continue
                write_output(event_data)
            else:
                print("[-] {} Event log not found in {} directory".format(
                    log, win_event))
                sys.exit(3)
        else:
            print("[-] Win XP Event Log Directory {} not found".format(
                win_event))
            sys.exit(2)

Lastly, define a method for writing the output to a spreadsheet as follows:

    def write_output(data):
        output_name = "parsed_event_logs.csv"
        print("[+] Writing {} to current working directory: {}".format(
            output_name, os.getcwd()))

        with open(output_name, "wb") as outfile:
            writer = csv.writer(outfile)
            writer.writerow([
                "Index", "File name", "Computer Name", "SID",
                "Event Create Date", "Event Written Date",
                "Event Category/Level", "Event Source", "Event ID",
                "Event Type", "Data", "XML Data", "File Path"
            ])
            writer.writerows(data)

Once the above script runs successfully, we get the event log information in a spreadsheet.

Internet History

Internet history is very useful for forensic analysts, as most cyber-crimes happen over the internet.
Let us see how to extract internet history from Internet Explorer, since we are discussing Windows forensics and Internet Explorer comes with Windows by default.

In Internet Explorer, the internet history is saved in the index.dat file. Let us look at a Python script that extracts the information from index.dat files.

We can follow the steps given below to extract information from index.dat files:

- First, search for index.dat files within the system.
- Then, extract the information from those files by iterating through them.
- Now, write all this information to a CSV report.

Python Code

Let us see how to use Python code for this purpose.

First, import the following Python libraries:

    from __future__ import print_function
    import argparse
    from datetime import datetime, timedelta
    import os
    import pytsk3
    import pyewf
    import pymsiecf
    import sys
    import unicodecsv as csv
    from utility.pytskutil import TSKUtil

Now, provide arguments for the command-line handler. Note that it accepts two arguments: the first is the path to the evidence file and the second is the type of evidence file:

    if __name__ == "__main__":
        parser = argparse.ArgumentParser(
            "getting information from internet history")
        parser.add_argument("EVIDENCE_FILE", help="Evidence file path")
        parser.add_argument("TYPE", help="Type of Evidence",
                            choices=("raw", "ewf"))
        parser.add_argument("-d", help="Index.dat directory to scan",
                            default="/USERS")
        args = parser.parse_args()

        if os.path.exists(args.EVIDENCE_FILE) and \
                os.path.isfile(args.EVIDENCE_FILE):
            main(args.EVIDENCE_FILE, args.TYPE, args.d)
        else:
            print("[-] Supplied input file {} does not exist or is not a "
                  "file".format(args.EVIDENCE_FILE))
            sys.exit(1)

Now, interpret the evidence file by creating a TSKUtil object and iterate through the file system to find index.dat files. This is done by defining the main() function as follows:

    def main(evidence, image_type, path):
        tsk_util = TSKUtil(evidence, image_type)
        index_dir = tsk_util.query_directory(path)

        if index_dir is not None:
            index_files = tsk_util.recurse_files("index.dat", path=path,
                                                 logic="equal")

            if index_files is not None:
                print("[+]
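Both scripts in this chapter select files by name (an event log name, or index.dat) and the event log script then verifies the file signature through pyevt and pyevtx. The following added example, which is not part of the original tutorial, shows what such a check looks at by reading the headers directly: the legacy EVT header, the EVTX header with its CRC32, and the index.dat cache header. The function names and the sample headers are assumptions constructed for the illustration, and the field offsets follow the publicly documented layouts of these formats.

```python
import struct
import zlib

EVTX_MAGIC = b"ElfFile\x00"                 # current format, offset 0
EVT_MAGIC = b"LfLe"                         # legacy format, offset 4
MSIECF_MAGIC = b"Client UrlCache MMF Ver "  # index.dat, offset 0
EVT_FLAGS = {0x1: "dirty", 0x2: "wrapped", 0x4: "log_full", 0x8: "archive"}


def identify_artifact(data):
    """Classify a file from its leading bytes; return a dict, or None."""
    if data[:8] == EVTX_MAGIC and len(data) >= 128:
        minor, major, _block, chunks = struct.unpack_from("<HHHH", data, 36)
        (stored_crc,) = struct.unpack_from("<I", data, 124)
        # The stored checksum covers the first 120 bytes of the header.
        crc_ok = stored_crc == (zlib.crc32(bytes(data[:120])) & 0xFFFFFFFF)
        return {"format": "evtx", "version": "%d.%d" % (major, minor),
                "chunks": chunks, "header_crc_ok": crc_ok}

    if data[4:8] == EVT_MAGIC and len(data) >= 48:
        fields = struct.unpack_from("<12I", data, 0)
        # The 48-byte header stores its own size at the start and the end.
        if fields[0] != 0x30 or fields[11] != 0x30:
            return None
        flags = sorted(n for bit, n in EVT_FLAGS.items() if fields[9] & bit)
        return {"format": "evt", "version": "%d.%d" % (fields[2], fields[3]),
                "flags": flags}

    if data[:24] == MSIECF_MAGIC and len(data) >= 32:
        version = bytes(data[24:27]).decode("ascii", "replace")
        (declared_size,) = struct.unpack_from("<I", data, 28)
        return {"format": "msiecf", "version": version,
                "declared_size": declared_size}
    return None


def build_sample_evtx():
    """Constructed 128-byte EVTX header (version 3.1, one chunk)."""
    body = EVTX_MAGIC + struct.pack("<QQQIHHHH", 0, 0, 1, 128, 1, 3, 4096, 1)
    body = body.ljust(120, b"\x00")
    return body + struct.pack("<II", 0, zlib.crc32(body) & 0xFFFFFFFF)


def build_sample_evt(flags=0x1):
    """Constructed 48-byte legacy EVT header."""
    return struct.pack("<I4s10I", 0x30, EVT_MAGIC, 1, 1, 0x30, 0x30,
                       1, 1, 0x10000, flags, 0, 0x30)


def build_sample_msiecf():
    """Constructed start of an index.dat file (version 5.2)."""
    return MSIECF_MAGIC + b"5.2\x00" + struct.pack("<I", 0x8000)


if __name__ == "__main__":
    for blob in (build_sample_evtx(), build_sample_evt(),
                 build_sample_msiecf(), b"plain text renamed to .evtx\n" * 8):
        print(identify_artifact(blob))
```

A file that matches by name but returns None here, or an EVTX header whose checksum fails, deserves a note in the report before its parsed records are relied on. The "dirty" flag in a legacy EVT header means the log was not closed cleanly.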

Artifact Report

Now that you are comfortable with installing Python and running Python commands on your local system, let us move into the concepts of forensics in detail. This chapter explains the concepts involved in dealing with artifacts in Python digital forensics.

Need of Report Creation

The process of digital forensics includes reporting as the third phase. This is one of the most important parts of the digital forensic process. Report creation is necessary for the following reasons:

- It is the document in which the digital forensic examiner outlines the investigation process and its findings.
- A good digital forensic report can be referenced by another examiner to achieve the same result given the same repositories.
- It is a technical and scientific document that contains facts found within the 1s and 0s of digital evidence.

General Guidelines for Report Creation

Reports are written to provide information to the reader and must start with a solid foundation. Investigators can face difficulties in presenting their findings efficiently if the report is prepared without some general guidelines or standards. Some general guidelines that must be followed while creating digital forensic reports are given below:

- Summary: The report must contain a brief summary of information so that the reader can ascertain the report's purpose.
- Tools used: We must mention the tools that have been used to carry out the digital forensics process, including their purpose.
- Repository: If we investigated someone's computer, the summary of evidence and the analysis of relevant material such as email, internal search history etc. must be included in the report so that the case is clearly presented.
- Recommendations for counsel: The report must contain recommendations for counsel to continue or cease the investigation based on the findings in the report.
Creating Different Type of Reports

The section above covered the importance of reports in digital forensics along with the guidelines for creating them. Some of the formats in Python for creating different kinds of reports are discussed below.

CSV Reports

One of the most common output formats for reports is a CSV spreadsheet report. You can create a CSV report of processed data using the Python code shown below.

First, import the libraries needed for writing the spreadsheet:

    from __future__ import print_function
    import csv
    import os
    import sys

We use the following global variable to represent sample data:

    TEST_DATA_LIST = [["Ram", 32, "Bhopal", "Manager"],
                      ["Raman", 42, "Indore", "Engg."],
                      ["Mohan", 25, "Chandigarh", "HR"],
                      ["Parkash", 45, "Delhi", "IT"]]

Next, define the method that writes the report. We open the file in "w" mode and set the newline keyword argument to an empty string.

    def Write_csv(data, header, output_directory, name=None):
        if name is None:
            name = "report1.csv"
        print("[+] Writing {} to {}".format(name, output_directory))

        with open(os.path.join(output_directory, name), "w",
                  newline="") as csvfile:
            writer = csv.writer(csvfile)
            writer.writerow(header)
            # One CSV row per entry in the data list
            writer.writerows(data)

Now, call the method:

    Write_csv(TEST_DATA_LIST, ["Name", "Age", "City", "Job description"],
              os.getcwd())

If you run the above script, you will get the following details stored in the report1.csv file.

    Name      Age   City         Designation
    Ram       32    Bhopal       Manager
    Raman     42    Indore       Engg
    Mohan     25    Chandigarh   HR
    Parkash   45    Delhi        IT

Excel Reports

Another common output format for reports is an Excel (.xlsx) spreadsheet report. With Excel we can create tables and also plot graphs. We can create a report of processed data in Excel format using the Python code shown below.

First, import the XlsxWriter module for creating the spreadsheet:

    import xlsxwriter

Now, create a workbook object. For this, we need to use the Workbook() constructor.

    workbook = xlsxwriter.Workbook("report2.xlsx")

Now, create a new worksheet by using the add_worksheet() method.

    worksheet = workbook.add_worksheet()

Next, write the following data into the worksheet:

    report2 = (["Ram", 32, "Bhopal"],
               ["Mohan", 25, "Chandigarh"],
               ["Parkash", 45, "Delhi"])
    row = 0
    col = 0

You can iterate over this data and write it as follows:

    for name, age, city in report2:
        worksheet.write(row, col, name)
        worksheet.write(row, col + 1, age)
        worksheet.write(row, col + 2, city)
        row += 1

Now, close the Excel file by using the close() method.

    workbook.close()

The above script creates an Excel file named report2.xlsx with the following data:

    Ram       32    Bhopal
    Mohan     25    Chandigarh
    Parkash   45    Delhi

Investigation Acquisition Media

It is important for an investigator to keep detailed investigative notes in order to accurately recall the findings or put together all the pieces of the investigation. A screenshot is very useful for keeping track of the steps taken in a particular investigation. With the help of the following Python code, we can take a screenshot and save it to the hard disk for future use.

First, install the Python module named pyscreenshot by using the following command:

    pip install pyscreenshot

Now, import the necessary module as shown:

    import pyscreenshot as ImageGrab

Use the following line of code to get the screenshot:

    image = ImageGrab.grab()

Use the following line of code to save the screenshot to the given location:

    image.save("d:/image123.png")

Now, if you want to display the screenshot as a graph, you can use the following Python code:

    import numpy as np
    import matplotlib.pyplot as plt
    import pyscreenshot as ImageGrab

    image = ImageGrab.grab()
    plt.imshow(image, cmap="gray", interpolation="bilinear")
    plt.show()
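The CSV and Excel reports above are written from sample data, but in a real case the cells hold strings recovered from the evidence, such as file names and event log text, and a spreadsheet application may evaluate a cell that begins with a formula character when the report is opened. The following added example (not part of the original tutorial) is a variant of the CSV writer that neutralises such cells before writing; the function names and the sample rows are assumptions constructed for the illustration.

```python
import csv
import io

# Leading characters that spreadsheet applications may treat as the start
# of a formula when a CSV file is opened.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralise(value):
    """Prefix risky text cells with an apostrophe so they display as text.

    Numbers and other non-string values are passed through unchanged.
    """
    if isinstance(value, str) and value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def write_report(rows, header, stream):
    """Write header and rows to an open text stream, quoting every field."""
    writer = csv.writer(stream, quoting=csv.QUOTE_ALL)
    writer.writerow(header)
    count = 0
    for row in rows:
        writer.writerow([neutralise(cell) for cell in row])
        count += 1
    return count


def render_report(rows, header):
    """Return the report as a string (used here so the example runs offline)."""
    buffer = io.StringIO(newline="")
    write_report(rows, header, buffer)
    return buffer.getvalue()


# Constructed sample rows: recovered file names with their sizes in bytes.
SAMPLE_ROWS = [
    ["notes.txt", 2048],
    ["=1+1", 512],                 # would be evaluated as a formula
    ["-2020 budget.xlsx", 40960],  # legitimate name with a leading minus
    ["@home.lnk", -1],             # negative number stays a number
]

if __name__ == "__main__":
    print(render_report(SAMPLE_ROWS, ["file_name", "file_size"]))
```

Because the apostrophe changes the stored string, the report should state that the prefix was added, and the unmodified values should be kept in the examiner's working data.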

Introduction

This chapter gives an introduction to what digital forensics is all about, along with its historical review. You will also understand where you can apply digital forensics in real life and what its limitations are.

What is Digital Forensics?

Digital forensics may be defined as the branch of forensic science that analyzes, examines, identifies and recovers the digital evidence residing on electronic devices. It is commonly used for criminal law and private investigations.

For example, you can rely on digital forensics to extract evidence in case somebody steals some data on an electronic device.

Brief Historical Review of Digital Forensics

The history of computer crimes and the historical review of digital forensics are explained in this section.

1970s-1980s: First Computer Crime

Prior to this decade, no computer crime had been recognized. If one did occur, the then-existing laws dealt with it. Later, in 1978, the first computer crime was recognized in the Florida Computer Crime Act, which included legislation against unauthorized modification or deletion of data on a computer system. Over time, due to the advancement of technology, the range of computer crimes being committed also increased. To deal with crimes related to copyright, privacy and child pornography, various other laws were passed.

1980s-1990s: Development Decade

This decade was the development decade for digital forensics, all because of the first ever investigation (1986), in which Cliff Stoll tracked the hacker named Markus Hess. During this period, two kinds of digital forensics disciplines developed: the first with the help of ad-hoc tools and techniques developed by practitioners who took it up as a hobby, the second developed by the scientific community. In 1992, the term "Computer Forensics" was used in academic literature.

2000s-2010s: Decade of Standardization

After digital forensics had developed to a certain level, there was a need for specific standards that could be followed while performing investigations. Accordingly, various scientific agencies and bodies have published guidelines for digital forensics. In 2002, the Scientific Working Group on Digital Evidence (SWGDE) published a paper named "Best practices for Computer Forensics". Another milestone was a European-led international treaty, "The Convention on Cybercrime", which was signed by 43 nations and ratified by 16 nations. Even with such standards, there is still a need to resolve some issues that have been identified by researchers.

Process of Digital Forensics

Since the first ever computer crime in 1978, there has been a huge increase in digital criminal activities. Due to this increase, a structured way of dealing with them is needed. In 1984, a formalized process was introduced, and since then a great number of new and improved computer forensics investigation processes have been developed.

A computer forensics investigation process involves three major phases, as explained below.

Phase 1: Acquisition or Imaging of Exhibits

The first phase of digital forensics involves saving the state of the digital system so that it can be analyzed later. It is very similar to taking photographs, blood samples etc. from a crime scene. For example, it involves capturing an image of the allocated and unallocated areas of a hard disk or RAM.

Phase 2: Analysis

The input of this phase is the data acquired in the acquisition phase. Here, this data is examined to identify evidence. This phase gives three kinds of evidence, as follows:

- Inculpatory evidence: evidence that supports a given history.
- Exculpatory evidence: evidence that contradicts a given history.
- Evidence of tampering: evidence showing that the system was tampered with to avoid identification. It includes examining the files and directory content to recover deleted files.

Phase 3: Presentation or Reporting

As the name suggests, this phase presents the conclusion and the corresponding evidence from the investigation.

Applications of Digital Forensics

Digital forensics deals with gathering, analyzing and preserving the evidence contained in any digital device. The use of digital forensics depends on the application. As mentioned earlier, it is used mainly in the following two applications.

Criminal Law

In criminal law, evidence is collected to support or oppose a hypothesis in court. Forensics procedures are very similar to those used in criminal investigations, but with different legal requirements and limitations.

Private Investigation

The corporate world is the main user of digital forensics for private investigation. It is used when companies suspect that employees may be performing an illegal activity on their computers that is against company policy. Digital forensics provides one of the best routes for a company or person to take when investigating someone for digital misconduct.

Branches of Digital Forensics

Digital crime is not restricted to computers alone; hackers and criminals also use small digital devices such as tablets, smart-phones etc. on a very large scale. Some of these devices have volatile memory, while others have non-volatile memory. Hence, depending upon the type of device, digital forensics has the following branches.

Computer Forensics

This branch of digital forensics deals with computers, embedded systems and static memories such as USB drives. A wide range of information, from logs to actual files on a drive, can be investigated in computer forensics.

Mobile Forensics

This deals with the investigation of data from mobile devices. This branch differs from computer forensics in that mobile devices have an inbuilt communication system, which is useful for providing information related to location.

Network Forensics

This deals with the monitoring and analysis of computer network traffic, both local and WAN (wide area network), for the purposes of information gathering, evidence collection, or intrusion detection.

Database Forensics

This branch of digital forensics deals with the forensic study of databases and their metadata.

Skills Required for Digital Forensics Investigation

Digital forensics examiners help to track hackers, recover stolen data, follow computer attacks back to their source, and aid in other types of investigations involving computers. Some of the key skills required to become a digital forensics examiner are discussed below −

Outstanding

Python Digital Forensics – Home

Digital forensics is the branch of forensic science that analyzes, examines, identifies and recovers digital evidence from electronic devices. It is commonly used in criminal law and private investigation. This tutorial will make you comfortable with performing digital forensics in Python on Windows-operated digital devices. In this tutorial, you will learn various concepts and coding for carrying out digital forensics in Python.

Audience

This tutorial will be useful for graduates, post graduates, and research students who either have an interest in this subject or have this subject as a part of their curriculum. Any reader who is enthusiastic about gaining knowledge of digital forensics using the Python programming language can also pick up this tutorial.

Prerequisites

This tutorial assumes that the reader has a basic knowledge of operating systems and computer networks. You are expected to have a basic knowledge of Python programming. If you are new to any of these subjects or concepts, we strongly suggest you go through tutorials on them before you start your journey with this tutorial.

Getting Started With Python

In the previous chapter, we learnt the basics of digital forensics, its advantages and limitations. This chapter will make you comfortable with Python, the essential tool that we use in this digital forensics investigation.

Why Python for Digital Forensics?

Python is a popular programming language and is used as a tool for cyber security, penetration testing and digital forensic investigations. When you choose Python as your tool for digital forensics, you do not need any other third-party software for completing the task.

Some of the features of the Python programming language that make it a good fit for digital forensics projects are given below:

- Simplicity of Syntax: Python's syntax is simple compared to other languages, which makes it easier to learn and put to use for digital forensics.
- Comprehensive inbuilt modules: Python's comprehensive inbuilt modules are an excellent aid for performing a complete digital forensic investigation.
- Help and Support: Being an open source programming language, Python enjoys excellent support from the developer and user community.

Features of Python

Python, being a high-level, interpreted, interactive and object-oriented scripting language, provides the following features:

- Easy to Learn: Python is a developer-friendly and easy-to-learn language, because it has fewer keywords and the simplest structure.
- Expressive and Easy to read: The Python language is expressive in nature; hence its code is more understandable and readable.
- Cross-platform Compatible: Python is a cross-platform compatible language, which means it can run efficiently on various platforms such as UNIX, Windows, and Macintosh.
- Interactive Mode Programming: We can do interactive testing and debugging of code because Python supports an interactive mode for programming.
- Provides Various Modules and Functions: Python has a large standard library, which allows us to use a rich set of modules and functions in our scripts.
- Supports Dynamic Type Checking: Python supports dynamic type checking and provides very high-level dynamic data types.
- GUI Programming: Python supports GUI programming to develop graphical user interfaces.
- Integration with other programming languages: Python can be easily integrated with other programming languages like C, C++, JAVA etc.

Installing Python

Python distributions are available for various platforms such as Windows, UNIX, Linux, and Mac. We only need to download the binary code for our platform. If the binary code for a platform is not available, we must have a C compiler so that the source code can be compiled manually.

This section will make you familiar with the installation of Python on various platforms.

Python Installation on Unix and Linux

You can follow the steps shown below to install Python on a Unix/Linux machine.

Step 1: Open a web browser. Type and enter www.python.org/downloads/

Step 2: Download the zipped source code available for Unix/Linux.

Step 3: Extract the downloaded zipped files.

Step 4: If you wish to customize some options, you can edit the Modules/Setup file.

Step 5: Use the following commands to complete the installation:

    ./configure
    make
    make install

Once you have successfully completed the steps given above, Python will be installed at its standard location /usr/local/bin and its libraries at /usr/local/lib/pythonXX, where XX is the version of Python.

Python Installation on Windows

We can follow these simple steps to install Python on a Windows machine.

Step 1: Open a web browser. Type and enter www.python.org/downloads/

Step 2: Download the Windows installer python-XYZ.msi file, where XYZ is the version we need to install.

Step 3: Now run that MSI file after saving the installer file to your local machine.

Step 4: Run the downloaded file, which will bring up the Python installation wizard.

Python Installation on Macintosh

For installing Python 3 on Mac OS X, we must use a package installer named Homebrew.

You can use the following command to install Homebrew, in case you do not have it on your system:

    $ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

If you need to update the package manager, it can be done with the following command:

    $ brew update

Now, use the following command to install Python 3 on your system:

    $ brew install python3

Setting the PATH

We need to set the path for the Python installation, and this differs between platforms such as UNIX, Windows, or Mac.

Path setting at Unix/Linux

You can use the following options to set the path on Unix/Linux:

- If using the csh shell: type setenv PATH "$PATH:/usr/local/bin/python" and then press Enter.
- If using the bash shell (Linux): type export PATH="$PATH:/usr/local/bin/python" and then press Enter.
- If using the sh or ksh shell: type PATH="$PATH:/usr/local/bin/python" and then press Enter.

Path Setting at Windows

Type path %path%;C:\Python at the command prompt and then press Enter.

Running Python

You can choose any of the following three methods to start the Python interpreter.

Method 1: Using Interactive Interpreter

A system that provides a command-line interpreter or shell, for example Unix or DOS, can easily be used for starting Python. You can follow the steps given below to start coding in the interactive interpreter.

Step 1: Enter python at the command line.

Step 2: Start coding right away in the interactive interpreter using the commands shown below:

    $python             # Unix/Linux

or

    python%             # Unix/Linux

or

    C:\> python         # Windows/DOS

Method 2: Using Script from the Command-line

We can also execute a Python script at the command line by invoking the interpreter on our application. You can use the commands shown below:

    $python script.py          # Unix/Linux

or

    python% script.py          # Unix/Linux

or

    C:\> python script.py      # Windows/DOS

Method 3: Integrated Development Environment

If a system has a GUI application that supports Python, then Python can be run from that GUI environment. Some of the IDEs for various platforms are given below:

- Unix IDE: UNIX has the IDLE IDE for Python.
- Windows IDE: Windows has PythonWin, the first Windows interface for Python along with GUI.