├── Chapter 10 ├── libpff.lpff.tgz ├── logger.pyw ├── multiprocessing_example.py ├── pst_indexer.py ├── simple_clipboard.py ├── simple_keylogger.py ├── simple_multiprocessor.py ├── simple_screenshot.py └── stats_template.html ├── Chapter 11 ├── places.sqlite-wal ├── pst_indexer.py ├── stats_template.html └── wal_crawler.py ├── Chapter 12 ├── places.sqlite-wal └── wal_crawler.py ├── Chapter 13 ├── framework.py ├── plugins │ ├── __init__.py │ ├── exif.py │ ├── helper │ │ ├── __init__.py │ │ ├── usb_lookup.py │ │ └── utility.py │ ├── id3.py │ ├── office.py │ ├── pst_indexer.py │ ├── setupapi.py │ ├── userassist.py │ └── wal_crawler.py ├── requirements.txt └── writers │ ├── __init__.py │ ├── csv_writer.py │ ├── kml_writer.py │ └── xlsx_writer.py ├── Chapter 2 ├── argument_parser.py ├── ip_to_geo.py ├── unix_converter.py ├── usb_lookup.py └── user_input.py ├── Chapter 3 ├── setupapi.dev.log ├── setupapi_parser.py ├── setupapi_parser.v1.py ├── setupapi_parser.v2.py └── usb_lookup.py ├── Chapter 4 ├── bitcoin_address_lookup.py ├── bitcoin_address_lookup.v1.py ├── bitcoin_address_lookup.v2.py ├── book.json ├── book.xml └── unix_converter.py ├── Chapter 5 ├── file_lister.py └── file_lister_peewee.py ├── Chapter 6 ├── Neguhe Qrag.bin ├── Writers │ ├── __init__.py │ ├── csv_writer.py │ └── xlsx_writer.py ├── rot13.py ├── simplexlsx.v1.py ├── simplexlsx.v2.py ├── simplexlsx.v3.py └── userassist_parser.py ├── Chapter 7 ├── fuzzy_hasher.py ├── hashing_example.py ├── rabinkarp.py ├── rand1A.file ├── rand1B.file ├── rand2.file └── ssdeep_python.py ├── Chapter 8 ├── img_42.jpg ├── metadata_parser.py ├── plugins │ ├── __init__.py │ ├── exif_parser.py │ ├── id3_parser.py │ └── office_parser.py ├── processors │ ├── __init__.py │ └── utility.py └── writers │ ├── __init__.py │ ├── csv_writer.py │ └── kml_writer.py ├── Chapter 9 └── date_decoder.py ├── README.md └── Software Hardware List.docx /Chapter 10/libpff.lpff.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 10/libpff.lpff.tgz -------------------------------------------------------------------------------- /Chapter 10/logger.pyw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 10/logger.pyw -------------------------------------------------------------------------------- /Chapter 10/multiprocessing_example.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 10/multiprocessing_example.py -------------------------------------------------------------------------------- /Chapter 10/pst_indexer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 10/pst_indexer.py -------------------------------------------------------------------------------- /Chapter 10/simple_clipboard.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 10/simple_clipboard.py -------------------------------------------------------------------------------- /Chapter 10/simple_keylogger.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 10/simple_keylogger.py -------------------------------------------------------------------------------- /Chapter 10/simple_multiprocessor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 10/simple_multiprocessor.py -------------------------------------------------------------------------------- /Chapter 10/simple_screenshot.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 10/simple_screenshot.py -------------------------------------------------------------------------------- /Chapter 10/stats_template.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 10/stats_template.html -------------------------------------------------------------------------------- /Chapter 11/places.sqlite-wal: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 11/places.sqlite-wal -------------------------------------------------------------------------------- /Chapter 11/pst_indexer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 11/pst_indexer.py -------------------------------------------------------------------------------- /Chapter 11/stats_template.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 11/stats_template.html -------------------------------------------------------------------------------- /Chapter 11/wal_crawler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 11/wal_crawler.py -------------------------------------------------------------------------------- /Chapter 12/places.sqlite-wal: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 12/places.sqlite-wal -------------------------------------------------------------------------------- /Chapter 12/wal_crawler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 12/wal_crawler.py -------------------------------------------------------------------------------- /Chapter 13/framework.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/framework.py -------------------------------------------------------------------------------- /Chapter 13/plugins/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/plugins/__init__.py -------------------------------------------------------------------------------- /Chapter 13/plugins/exif.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/plugins/exif.py -------------------------------------------------------------------------------- /Chapter 13/plugins/helper/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/plugins/helper/__init__.py -------------------------------------------------------------------------------- /Chapter 13/plugins/helper/usb_lookup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/plugins/helper/usb_lookup.py -------------------------------------------------------------------------------- /Chapter 13/plugins/helper/utility.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/plugins/helper/utility.py -------------------------------------------------------------------------------- /Chapter 13/plugins/id3.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/plugins/id3.py -------------------------------------------------------------------------------- /Chapter 13/plugins/office.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/plugins/office.py -------------------------------------------------------------------------------- /Chapter 13/plugins/pst_indexer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/plugins/pst_indexer.py -------------------------------------------------------------------------------- /Chapter 13/plugins/setupapi.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/plugins/setupapi.py -------------------------------------------------------------------------------- /Chapter 13/plugins/userassist.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/plugins/userassist.py -------------------------------------------------------------------------------- /Chapter 13/plugins/wal_crawler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/plugins/wal_crawler.py -------------------------------------------------------------------------------- /Chapter 13/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/requirements.txt -------------------------------------------------------------------------------- /Chapter 13/writers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/writers/__init__.py -------------------------------------------------------------------------------- /Chapter 13/writers/csv_writer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/writers/csv_writer.py -------------------------------------------------------------------------------- /Chapter 13/writers/kml_writer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/writers/kml_writer.py -------------------------------------------------------------------------------- /Chapter 13/writers/xlsx_writer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 13/writers/xlsx_writer.py -------------------------------------------------------------------------------- /Chapter 2/argument_parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 2/argument_parser.py -------------------------------------------------------------------------------- /Chapter 2/ip_to_geo.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 2/ip_to_geo.py -------------------------------------------------------------------------------- /Chapter 2/unix_converter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 2/unix_converter.py -------------------------------------------------------------------------------- /Chapter 2/usb_lookup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 2/usb_lookup.py -------------------------------------------------------------------------------- /Chapter 2/user_input.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 2/user_input.py -------------------------------------------------------------------------------- /Chapter 3/setupapi.dev.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 3/setupapi.dev.log -------------------------------------------------------------------------------- /Chapter 3/setupapi_parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 3/setupapi_parser.py -------------------------------------------------------------------------------- /Chapter 3/setupapi_parser.v1.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 3/setupapi_parser.v1.py -------------------------------------------------------------------------------- /Chapter 3/setupapi_parser.v2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 3/setupapi_parser.v2.py -------------------------------------------------------------------------------- /Chapter 3/usb_lookup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 3/usb_lookup.py -------------------------------------------------------------------------------- /Chapter 4/bitcoin_address_lookup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 4/bitcoin_address_lookup.py -------------------------------------------------------------------------------- /Chapter 4/bitcoin_address_lookup.v1.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 4/bitcoin_address_lookup.v1.py -------------------------------------------------------------------------------- /Chapter 4/bitcoin_address_lookup.v2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 4/bitcoin_address_lookup.v2.py -------------------------------------------------------------------------------- /Chapter 4/book.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 4/book.json -------------------------------------------------------------------------------- /Chapter 4/book.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 4/book.xml -------------------------------------------------------------------------------- /Chapter 4/unix_converter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 4/unix_converter.py -------------------------------------------------------------------------------- /Chapter 5/file_lister.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 5/file_lister.py -------------------------------------------------------------------------------- /Chapter 5/file_lister_peewee.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 5/file_lister_peewee.py -------------------------------------------------------------------------------- /Chapter 6/Neguhe Qrag.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 6/Neguhe Qrag.bin -------------------------------------------------------------------------------- /Chapter 6/Writers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 6/Writers/__init__.py -------------------------------------------------------------------------------- /Chapter 6/Writers/csv_writer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 6/Writers/csv_writer.py -------------------------------------------------------------------------------- /Chapter 6/Writers/xlsx_writer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 6/Writers/xlsx_writer.py -------------------------------------------------------------------------------- /Chapter 6/rot13.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 6/rot13.py -------------------------------------------------------------------------------- /Chapter 6/simplexlsx.v1.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 6/simplexlsx.v1.py -------------------------------------------------------------------------------- /Chapter 6/simplexlsx.v2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 6/simplexlsx.v2.py -------------------------------------------------------------------------------- /Chapter 6/simplexlsx.v3.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 6/simplexlsx.v3.py -------------------------------------------------------------------------------- /Chapter 6/userassist_parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 6/userassist_parser.py -------------------------------------------------------------------------------- /Chapter 7/fuzzy_hasher.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 7/fuzzy_hasher.py -------------------------------------------------------------------------------- /Chapter 7/hashing_example.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 7/hashing_example.py -------------------------------------------------------------------------------- /Chapter 7/rabinkarp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 7/rabinkarp.py -------------------------------------------------------------------------------- /Chapter 7/rand1A.file: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 7/rand1A.file -------------------------------------------------------------------------------- /Chapter 7/rand1B.file: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 7/rand1B.file -------------------------------------------------------------------------------- /Chapter 7/rand2.file: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 7/rand2.file -------------------------------------------------------------------------------- /Chapter 7/ssdeep_python.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 7/ssdeep_python.py -------------------------------------------------------------------------------- /Chapter 8/img_42.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 8/img_42.jpg -------------------------------------------------------------------------------- /Chapter 8/metadata_parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 8/metadata_parser.py -------------------------------------------------------------------------------- /Chapter 8/plugins/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 8/plugins/__init__.py -------------------------------------------------------------------------------- /Chapter 8/plugins/exif_parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 8/plugins/exif_parser.py -------------------------------------------------------------------------------- /Chapter 8/plugins/id3_parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 8/plugins/id3_parser.py -------------------------------------------------------------------------------- /Chapter 8/plugins/office_parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 8/plugins/office_parser.py -------------------------------------------------------------------------------- /Chapter 8/processors/__init__.py: -------------------------------------------------------------------------------- 1 | import utility -------------------------------------------------------------------------------- /Chapter 8/processors/utility.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 8/processors/utility.py -------------------------------------------------------------------------------- /Chapter 8/writers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 8/writers/__init__.py -------------------------------------------------------------------------------- /Chapter 8/writers/csv_writer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 8/writers/csv_writer.py -------------------------------------------------------------------------------- /Chapter 8/writers/kml_writer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 8/writers/kml_writer.py -------------------------------------------------------------------------------- /Chapter 9/date_decoder.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Chapter 9/date_decoder.py -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/README.md -------------------------------------------------------------------------------- /Software Hardware List.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PacktPublishing/Learning-Python-for-Forensics/HEAD/Software Hardware List.docx --------------------------------------------------------------------------------