Installation of Python

Python Forensics – Installation of Python ”; Previous Next As we need Python for all the activities of computational forensics, let us move step by step and understand how to install it. Step 1 − Go to https://www.python.org/downloads/ and download the installation files of Python according to the Operating System you have on your system. Step 2 − After downloading the package/installer, click on the exe file to start the installation process. You will get to see the following screen after the installation is complete. Step 3 − The next step is to set the environment variables of Python in your system. Step 4 − Once the environment variables are set, type the command “python” on the command prompt to verify whether the installation was successful or not. If the installation was successful, then you will get the following output on the console. Print Page Previous Next Advertisements ”;

Basic Forensic Application

Python Forensics – Basic Forensic Application ”; Previous Next For creating an application as per the Forensic guidelines, it is important to understand and follow its naming conventions and patterns. Naming Conventions During the development of Python forensics applications, the rules and conventions to be followed are described in the following table. Constants Uppercase with underscore separation HIGH_TEMPERATURE Local variable name Lowercase with bumpy caps (underscores are optional) currentTemperature Global variable name Prefix gl lowercase with bumpy caps (underscores are optional) gl_maximumRecordedTemperature Functions name Uppercase with bumpy caps (underscores optional) with active voice ConvertFarenheitToCentigrade(…) Object name Prefix ob_ lowercase with bumpy caps ob_myTempRecorder Module An underscore followed by lowercase with bumpy caps _tempRecorder Class names Prefix class_ then bumpy caps and keep brief class_TempSystem Let us take a scenario to understand the importance of naming conventions in Computational Forensics. Suppose we have a hashing algorithm that is normally used for encrypting data. The one-way hashing algorithm takes input as a stream of binary data; this could be a password, a file, binary data, or any digital data. The hashing algorithm then produces a message digest (md) with respect to the data received in the input. It is practically impossible to create a new binary input that will generate a given message digest. Even a single bit of the binary input data, if changed, will generate a unique message, which is different than the previous one. Example Take a look at the following sample program which follows the above-mentioned conventions. import sys, string, md5 # necessary libraries print “Please enter your full name” line = sys.stdin.readline() line = line.rstrip() md5_object = md5.new() md5_object.update(line) print md5_object.hexdigest() # Prints the output as per the hashing algorithm i.e. md5 exit The above program produces the following output. In this program, the Python script accepts the input (your full name) and converts it as per the md5 hashing algorithm. It encrypts the data and secures the information, if required. As per forensic guidelines, the name of evidences or any other proofs can be secured in this pattern. Print Page Previous Next Advertisements ”;

Python Modules

Python Forensics – Python Modules ”; Previous Next Modules in Python programs help in organizing the code. They help in grouping related code into a single module, which makes it easier to understand and use. It includes arbitrarily named values, which can be used for binding and reference. In simple words, a module is a file consisting of Python code which includes functions, classes, and variables. The Python code for a module (file) is saved with .py extension which is compiled as and when needed. Example def print_hello_func( par ): print “Hello : “, par return Import Statement The Python source file can be used as a module by executing an import statement which imports other packages or third-party libraries. The syntax used is as follows − import module1[, module2[,… moduleN] When the Python interpreter encounters the import statement, it imports the module specified which is present in the search path. Example Consider the following example. #!/usr/bin/python # Import module support import support # Now you can call defined function that module as follows support.print_func(“Radhika”) It will produce the following output − A module is loaded only once, regardless of the number of times it has been imported by Python code. From…import statement From attribute helps to import specific attributes from a module into a current namespace. Here is its syntax. from modname import name1[, name2[, … nameN]] Example To import the function fibonacci from the module fib, use the following statement. from fib import fibonacci Locating Modules When the module is being imported, the Python interpreter searches for the following sequences − The current directory. If the module does not exist, Python then searches each directory in the shell variable PYTHONPATH. If the shell variable location fails, Python checks the default path. Computational forensics use Python modules and third-party modules to get the information and extract evidence with better ease. Further chapters focus on the implementation of modules to get the necessary output. Print Page Previous Next Advertisements ”;

Introduction

Python Forensics – Introduction ”; Previous Next Python is a general-purpose programming language with easy, readable code that can be easily understood by both professional developers as well as novice programmers. Python comprises of many useful libraries that can be used with any stack framework. Many laboratories rely on Python to build basic models for predictions and to run experiments. It also helps to control critical operational systems. Python has built-in capabilities to support digital investigation and protect the integrity of evidence during an investigation. In this tutorial, we will explain the fundamental concepts of applying Python in digital or computation forensics. What is Computational Forensics? Computational Forensics is an emerging research domain. It deals with solving forensic problems using digital methods. It uses computational science to study digital evidence. Computation Forensics includes a broad range of subjects which has objects, substances, and processes investigated, mainly based on pattern evidence, such as toolmarks, fingerprints, shoeprints, documents etc., and also includes physiological and behavioral patterns, DNA, and digital evidence at crime scenes. The following diagram shows the broad range of subjects covered under Computational Forensics. Computational forensics is implemented with the help of some algorithms. These algorithms are used for signal and image processing, computer vision and graphics. It also includes data mining, machine learning, and robotics. Computational forensics involves diverse digital methods. The best solution to ease all digital methods in forensics is to use a general-purpose programming language like Python. Print Page Previous Next Advertisements ”;