Python Forensics – Python Modules

Modules in Python programs help in organizing the code. They group related code into a single unit, which makes it easier to understand and use. A module contains arbitrarily named attributes, which can be bound and referenced. In simple words, a module is a file of Python code that defines functions, classes, and variables. The Python code for a module (file) is saved with the .py extension and is compiled as and when needed.

Example

    def print_hello_func(par):
        # Print a greeting for the given name
        print("Hello : ", par)
        return

Import Statement

Any Python source file can be used as a module by executing an import statement, which is also how other packages and third-party libraries are imported. The syntax used is as follows −

    import module1[, module2[, ... moduleN]]

When the Python interpreter encounters the import statement, it imports the specified module if it is present in the search path.

Example

Consider the following example.

    #!/usr/bin/python3

    # Import module support
    import support

    # Now you can call the function defined in that module as follows
    support.print_hello_func("Radhika")

It will produce the following output −

    Hello :  Radhika

A module is loaded only once, regardless of the number of times it has been imported by Python code.

From…import Statement

The from…import statement imports specific attributes from a module into the current namespace. Here is its syntax.

    from modname import name1[, name2[, ... nameN]]

Example

To import the function fibonacci from the module fib, use the following statement.

    from fib import fibonacci

Locating Modules

When a module is imported, the Python interpreter searches for it in the following sequence −

1. The current directory.
2. If the module is not found there, Python then searches each directory in the shell variable PYTHONPATH.
3. If that also fails, Python checks the default path.

Computational forensics uses Python modules and third-party modules to gather information and extract evidence more easily. Further chapters focus on the implementation of modules to get the necessary output.
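The search order under Locating Modules decides which file an import actually loads, which matters when a forensic script is run from a working directory that also holds case files. The following added example (not part of the original tutorial) resolves module names against that order without importing them and reports where each would come from; the directory layout and the helper names resolve, search_order and audit are assumptions made for the illustration.

```python
import importlib.machinery
import os
import tempfile


def resolve(name, search_path):
    """Return the file that `import name` would load from search_path, without importing it."""
    spec = importlib.machinery.PathFinder.find_spec(name, search_path)
    return spec.origin if spec else None


def search_order(cwd, pythonpath, defaults):
    """Order described above: current directory, PYTHONPATH entries, default path."""
    extra = [p for p in pythonpath.split(os.pathsep) if p]
    return [cwd] + extra + list(defaults)


def audit(names, cwd, pythonpath, defaults):
    """Map each module name to (origin, from_default_path)."""
    order = search_order(cwd, pythonpath, defaults)
    report = {}
    for name in names:
        origin = resolve(name, order)
        # True only when the winning file is the one the default path provides
        from_default = origin is not None and origin == resolve(name, list(defaults))
        report[name] = (origin, from_default)
    return report


def demo():
    """Constructed layout: support.py exists in both the working and the library directory."""
    with tempfile.TemporaryDirectory() as root:
        cwd = os.path.join(root, "case_files")
        lib = os.path.join(root, "lib")
        for directory, names in ((cwd, ["support"]), (lib, ["support", "fib"])):
            os.makedirs(directory)
            for n in names:
                with open(os.path.join(directory, n + ".py"), "w") as fh:
                    fh.write("# constructed sample module\n")
        report = audit(["support", "fib", "missing_mod"], cwd, "", [lib])
        return {k: (os.path.relpath(o, root) if o else None, d)
                for k, (o, d) in report.items()}


if __name__ == "__main__":
    for name, (origin, from_default) in demo().items():
        print(name, origin, "default path" if from_default else "CHECK ORIGIN")
```

In the constructed layout, support resolves to the copy in the working directory rather than the library copy, so it is the entry to review before the script is run.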
Introduction
Python Forensics – Introduction

Python is a general-purpose programming language with readable code that can be easily understood by professional developers and novice programmers alike. Python comes with many useful libraries that can be used with any stack framework. Many laboratories rely on Python to build basic models for predictions and to run experiments. It also helps to control critical operational systems.

Python has built-in capabilities to support digital investigation and protect the integrity of evidence during an investigation. In this tutorial, we will explain the fundamental concepts of applying Python in digital or computational forensics.

What is Computational Forensics?

Computational forensics is an emerging research domain. It deals with solving forensic problems using digital methods. It uses computational science to study digital evidence.

Computational forensics covers a broad range of subjects in which objects, substances, and processes are investigated, mainly on the basis of pattern evidence such as toolmarks, fingerprints, shoeprints, and documents. It also includes physiological and behavioral patterns, DNA, and digital evidence at crime scenes.

The following diagram shows the broad range of subjects covered under Computational Forensics.

Computational forensics is implemented with the help of algorithms. These algorithms are used for signal and image processing, computer vision, and graphics. It also includes data mining, machine learning, and robotics.

Computational forensics involves diverse digital methods. The best way to ease the use of all these digital methods in forensics is a general-purpose programming language like Python.
Python Imaging Library
Python Forensics – Python Imaging Library

Extracting valuable information from the resources available is a vital part of digital forensics. Getting access to all the information available is essential for an investigation process, as it helps in retrieving appropriate evidence.

Resources that contain data can be either simple data structures such as databases or complex data structures such as a JPEG image. Simple data structures can be easily accessed using simple desktop tools, while extracting information from complex data structures requires sophisticated programming tools.

Python Imaging Library

The Python Imaging Library (PIL) adds image processing capabilities to your Python interpreter. This library supports many file formats and provides powerful image processing and graphics capabilities. You can download the source files of PIL from − http://www.pythonware.com/products/pil/

The following illustration shows the complete flow diagram of extracting data from images (complex data structures) in PIL.

Example

Now, let's have a programming example to understand how it actually works.

Step 1 − Suppose we have the following image from which we need to extract information.

Step 2 − When we open this image using PIL, it will first note the necessary points required for extracting evidence, which include the various pixel values. Here is the code to open the image and record its pixel values −

    from PIL import Image

    # Open the image read-only and collect its pixel values
    im = Image.open("Capture.jpeg", "r")
    pix_val = list(im.getdata())
    # Flatten the per-pixel (R, G, B) tuples into a single list
    pix_val_flat = [x for sets in pix_val for x in sets]
    print(pix_val_flat)

Step 3 − Our code will produce the following output after extracting the pixel values of the image.

The output represents the pixel values of the RGB combination, which gives a better picture of what data is needed for evidence. The data fetched is represented in the form of an array.
Cracking an Encryption
Python Forensics – Cracking an Encryption

In this chapter, we will learn about cracking text data fetched during analysis and evidence gathering.

A plain text in cryptography is some normal readable text, such as a message. A cipher text, on the other hand, is the output of an encryption algorithm, produced after you enter plain text.

A simple algorithm for turning a plain text message into cipher text is the Caesar cipher, invented by Julius Caesar to keep the plain text secret from his enemies. This cipher involves shifting every letter in the message "forward" by three places in the alphabet.

Following is a demo illustration.

    a → D
    b → E
    c → F
    ….
    w → Z
    x → A
    y → B
    z → C

Example

A message entered when you run a Python script gives all the possibilities of characters, which is used for pattern evidence.

The types of pattern evidence used are as follows −

- Tire Tracks and Marks
- Impressions
- Fingerprints

Every piece of biometric data comprises vector data, which we need to crack to gather foolproof evidence.

The following Python code shows how you can produce cipher text from plain text; it applies every possible shift to the entered message in turn −

    import sys

    def decrypt(k, cipher):
        # Shift every printable ASCII character (codes 32 to 126) back by k places,
        # wrapping around within that 95-character range
        plaintext = ""
        for each in cipher:
            p = (ord(each) - 32 - k) % 95 + 32
            plaintext += chr(p)
        print(plaintext)

    def main(argv):
        if len(sys.argv) != 1:
            sys.exit("Usage: cracking.py")
        cipher = input("Enter message: ")
        # Try every possible shift
        for i in range(1, 95, 1):
            decrypt(i, cipher)

    if __name__ == "__main__":
        main(sys.argv[1:])

Output

Now, check the output of this code. When we enter the simple text "Radhika", the program will produce the following cipher text.