As a professional in the Digital Forensics community, there is a lot to explore in the ever-changing field. The projects below reflect some of the publications & development projects I have worked on, specifically in the forensics community. Any published code is experimental and in a development stage at this time.
An online e-book full of tried and tested snippets useful in handling small yet common tasks encountered in scripting for DFIR. This repository is open source and is continuously growing to include examples for writing CSV reports, parsing Registry hives, analyzing Windows event logs, and more. It is open for the community to contribute new approaches and to leverage the existing snippets in their own custom scripting exercises.
Updated version of the introductory Learning Python for Forensics book, moving scripts to Python 3.7 and introducing the latest libraries. This book features a new chapter focused on leveraging Python and Windows libraries to collect volatile information from a host. This book is available for Paperback & E-Book orders.
A small web app to query historical information about AWS IP addresses, such as the associated region and service. This utility shows deduplicated entries per service and region for each CIDR block over time. The site offers a web form and an API to query for IP addresses.
In this book, Preston Miller and I exhibit many of the Python libraries commonly used in digital forensics through small scripts (or recipes). Across the 60+ recipes, we explore processing files with embedded metadata, parsing common file and registry artifacts, processing evidence stored as E01 files, integrating Python with common tools such as Axiom, EnCase, and Cellebrite, and much more. This book is available for Paperback & E-Book orders.
Co-authored a book on the use of Python in Forensics at an introductory level with Preston Miller. This book teaches the art of designing, developing, and deploying innovative forensic solutions through Python. Available as Paperback & E-Book.
Mantech's Triage and Analysis System automates many open source forensic tools to provide insight to points of analysis available within an unknown data set.
Developed a set of 3 notebooks that step through the basics required to build Python tools for Forensics. The 3 examples include a basic introduction to Python, creating a simple timeline, and parsing the registry.