Chapin Bryce // Incident Responder turned Developer


Home // Blog // GitHub // Twitter // Mastodon // Public Key // Contact

The field of information security is constantly changing, and keeping up with it is quite fun and interesting. The projects below reflect some of the publications and development projects I have worked on in an effort to share back with the community. Since they are all side projects, they do not get the attention they would need to be used in production environments or casework. Please treat them as experimental.


Python Forensics Handbook

An online e-book full of tried and tested snippets useful for handling small yet common tasks encountered when scripting for DFIR. The repository is open source and continuously growing, with examples for writing CSV reports, parsing Registry hives, analyzing Windows event logs, and more.
It is open for the community to contribute new approaches and to reuse the existing snippets in their own custom scripting.

Website GitHub


Learning Python for Forensics, Second Edition

Updated version of the introductory Learning Python for Forensics book, moving the scripts to Python 3.7 and introducing the latest libraries. This edition features a new chapter focused on leveraging Python and Windows libraries to collect volatile information from a live host. The book is available for Paperback & E-Book orders.

Amazon Packt Publishing GitHub


RDP Snitch

This Mastodon/Twitter bot reports on the scanning activity seen by an RDP honeypot. The daily statistics include GeoIP, attempted user accounts, and other data points, which are summarized and publicly shared as pastes.
Additionally, the process of setting up your own snitch is documented in the blog series linked below.

Blog Post Mastodon


Python Digital Forensics Cookbook

In this book, Preston Miller and I demonstrate many of the Python libraries commonly used in digital forensics through small scripts (or recipes). Across the 60+ recipes, we explore processing files with embedded metadata, parsing common file and Registry artifacts, processing evidence stored as E01 files, integrating Python with common tools such as Axiom, EnCase, and Cellebrite, and much more. The book is available for Paperback & E-Book orders.

Amazon Packt Publishing GitHub


Learning Python for Forensics

Co-authored, with Preston Miller, an introductory book on the use of Python in forensics. The book teaches the art of designing, developing, and deploying innovative forensic solutions in Python. Available as Paperback & E-Book.

Amazon Packt Publishing GitHub


Chickadee GeoIP Enrichment Tool

Chickadee provides a command line interface for extracting, enriching, and reporting on contextualized GeoIP data. It is meant to serve both as a library for use in other applications and as an extensible framework that can support additional enrichment sources.
The Python version is being actively replaced by a similar Rust-based version, in order to increase performance and reliability. See chickadee-rs.
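The extract, enrich, report pipeline that Chickadee describes, and the daily roll-up of sources, countries and attempted accounts that RDP Snitch publishes, worked through as an added Python example. This is not code from either project: the log line format, the source addresses (RFC 5737 and RFC 3849 documentation ranges) and the GEOIP_TABLE lookup are all constructed for the example, with the table standing in for a real GeoIP database such as MaxMind GeoLite2. One practitioner caveat it shows: because the sample "public" addresses are documentation ranges, the filter for non-enrichable sources uses an explicit list of private/reserved networks rather than ipaddress's is_global, which would discard them too.

```python
"""Added example (not code from chickadee or RDP Snitch): extract IP addresses
from free text, enrich them with GeoIP context, and roll the result up into the
kind of daily summary a honeypot snitch publishes.

Everything here is constructed for the example: the log format, the addresses
(RFC 5737 / RFC 3849 documentation ranges) and GEOIP_TABLE, which stands in
for a real GeoIP database such as MaxMind GeoLite2.
"""
import csv
import io
import ipaddress
import re
from collections import Counter

# Constructed honeypot-style lines; the format is invented for this example.
SAMPLE_LOG = """\
2023-05-01T00:12:09Z rdp-honeypot auth_fail src=203.0.113.45 user=administrator
2023-05-01T00:12:11Z rdp-honeypot auth_fail src=203.0.113.45 user=admin
2023-05-01T01:40:02Z rdp-honeypot auth_fail src=198.51.100.7 user=administrator
2023-05-01T02:05:55Z rdp-honeypot auth_fail src=10.0.0.5 user=test
2023-05-01T03:17:31Z rdp-honeypot auth_fail src=2001:db8::1 user=scan
2023-05-01T03:17:40Z rdp-honeypot auth_fail src=203.0.113.45 user=administrator
"""

# Constructed lookup table standing in for a GeoIP database (assumption).
GEOIP_TABLE = {
    "203.0.113.45": {"country": "US", "asn": "AS64496"},
    "198.51.100.7": {"country": "DE", "asn": "AS64497"},
    "2001:db8::1": {"country": "NL", "asn": "AS64498"},
}

# Source ranges that are never worth enriching: RFC 1918, loopback,
# link-local, CGNAT and IPv6 ULA. An explicit list is used instead of
# ipaddress's is_global because the documentation ranges used as sample
# "public" addresses above would otherwise be filtered out as well.
SKIP_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "::1/128", "fc00::/7", "fe80::/10",
)]

# Anything that is not a hex digit, dot or colon cannot be part of an IP, so
# splitting on it yields candidate tokens that ipaddress then validates.
_TOKEN_SPLIT = re.compile(r"[^0-9a-fA-F:.]+")
_EVENT = re.compile(r"src=(?P<src>\S+)\s+user=(?P<user>\S+)")


def _canon(ip):
    """Canonical string form, so '2001:DB8::1' and '2001:db8::1' match."""
    return str(ipaddress.ip_address(ip))


def extract_ips(text):
    """Return the unique, valid IP addresses found in text, in order seen."""
    found = {}
    for token in _TOKEN_SPLIT.split(text):
        token = token.strip(".")  # drop sentence punctuation, keep '::'
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # timestamps, ports and stray hex fragments land here
        found.setdefault(str(addr), addr)
    return list(found)


def is_enrichable(ip):
    """False for addresses inside any SKIP_NETWORKS range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in SKIP_NETWORKS)


def enrich(ips):
    """Map each enrichable IP to its GeoIP record; misses become 'unknown'."""
    unknown = {"country": "unknown", "asn": "unknown"}
    return {ip: dict(GEOIP_TABLE.get(ip, unknown))
            for ip in ips if is_enrichable(ip)}


def daily_summary(log_text):
    """Roll honeypot lines up into the statistics a snitch would publish."""
    events = [{"src": _canon(m["src"]), "user": m["user"]}
              for m in _EVENT.finditer(log_text)]
    context = enrich(extract_ips(log_text))
    sources = {e["src"] for e in events}
    by_country = Counter(context[e["src"]]["country"]
                         for e in events if e["src"] in context)
    return {
        "attempts": len(events),
        "unique_sources": len(sources),
        "skipped_sources": sorted(s for s in sources if s not in context),
        "by_country": dict(by_country),
        "top_users": Counter(e["user"] for e in events).most_common(3),
        "context": context,
    }


def csv_report(context):
    """Render enriched IPs as CSV text, one row per address."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["ip", "country", "asn"])
    writer.writeheader()
    for ip, rec in sorted(context.items()):
        writer.writerow({"ip": ip, **rec})
    return buf.getvalue()


if __name__ == "__main__":
    summary = daily_summary(SAMPLE_LOG)
    print(summary["attempts"], "attempts from", summary["unique_sources"], "sources")
    print(summary["by_country"], summary["top_users"])
    print(csv_report(summary["context"]))
```

Swapping GEOIP_TABLE for a real reader is the only change needed to run this against live honeypot output; the token-split approach to extraction is deliberately permissive and relies on ipaddress to reject the timestamps and hex fragments it sweeps up.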

GitHub


MantaRay Forensics

ManTech's Triage and Analysis System automates many open-source forensic tools to provide insight into the points of analysis available within an unknown data set.

GitHub


Python in Forensics

Developed a set of three notebooks that step through the basics required to build Python tools for forensics. The three examples cover an introduction to Python, creating a simple timeline, and parsing the Registry.

GitHub


Project Shattered

Published three articles in Digital Forensics Magazine presenting research on Google Glass. Developed Shattered and Foroboto as acquisition and analysis tools for Google Glass and rooted Android-based devices.

GitHub


Built by Chapin Bryce © 2023