
Python Programming For Digital Forensics And Security Analysis



#cybersecurity #coursera #quiz #solution #network #python



One of the many uses of the versatile Python programming language is digital forensics and security analysis. This article covers socket programming, port scanning, geolocation lookup, and extracting data from sites such as Twitter.
Python is one of the most powerful programming languages in use today, applied in key areas such as cloud computing, big data analysis, network forensics, mobile app development and web development. Python has been in use for over 20 years.
Python supports multiple programming paradigms, including imperative, functional, procedural, and object-oriented programming. Nowadays, Python is widely used for a variety of high-performance computing applications by a number of corporate giants, including Microsoft, Google, Red Hat, IBM and Amazon. Python is free and open source, and implementations and interfaces exist for many other languages and platforms.

Table 1 lists the different Python implementations and the platforms and programming models they support.

Table 1 (the table itself is not reproduced in this copy of the article)


Figure 2 illustrates how Python code is executed on a system with Python 2.7 installed on drive E: of a Windows operating system. IDE-based programming with Python can use any IDE for writing, debugging, and executing code.




Given below is a list of Python IDEs where a graphical user interface is provided for easy programming:




Digital forensics experts rely on a variety of tools and operating systems when investigating digital crimes. Python is a popular programming language for digital investigations. Many forensic tools are used with Kali Linux, Metasploit, and Parrot Security OS. These distributions come with pre-installed applications that users deploy without knowing the internal architecture or the algorithmic approach of the implementation. Python is a widely used programming language for cybersecurity, penetration testing, and digital forensic applications. Using basic Python programming, any of the following can be done without any third-party tools:

Web server fingerprinting
Attack Modeling
Port scanning
Website cloning
Load generation and site testing
Building Intrusion Detection and Prevention Systems
Scanning for a wireless network
Network traffic transmission
Accessing mail servers



Socket programming

Socket programming is built into the Python standard library, much as it is in Java. To work with sockets, the socket package is first imported and then its methods can be called. A Python installation also comes with the built-in IDLE GUI, which can be used to try the examples interactively.




Network port scanning

Generally, the nmap tool is used for network port scanning, but with Python socket programming it can be implemented without any third-party tool. Kali Linux ships many tools for network-related digital forensics, but many of these can be reimplemented in Python with just a few lines of code.

The code for port scanning of any IP address can be downloaded from here. The code checks which ports from the PortList [20, 22, 23, 80, 135, 445, 912] are open. Each value in the PortList corresponds to a particular network service.
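The following is an added example, not the downloadable script the article refers to, showing both the socket basics from the previous section and the TCP connect port scanner described here. It uses the article's port list, resolves service names from the local services database where available, and opens a listener on an ephemeral loopback port so that running it against your own machine always finds at least one open port. The `start_listener` helper and the use of `connect_ex` are this example's own choices, not taken from the article.

```python
import socket
from contextlib import closing

# Port list from the article. Service names are looked up in the local
# services database (socket.getservbyport) and fall back to "unknown".
PORT_LIST = [20, 22, 23, 80, 135, 445, 912]


def service_name(port):
    """Best-effort service name for a TCP port, 'unknown' if not in /etc/services."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"


def scan_port(host, port, timeout=1.0):
    """Return True if a full TCP connect() to host:port succeeds within timeout.

    connect_ex() returns 0 on success and an errno otherwise, so a refused
    connection (closed port) and a timeout (filtered port) both count as
    "not open" without raising an exception.
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def scan_ports(host, ports=PORT_LIST, timeout=1.0):
    """Return {port: is_open} for every port in the list."""
    return {port: scan_port(host, port, timeout) for port in ports}


def start_listener(host="127.0.0.1"):
    """Open a listening socket on an ephemeral port (helper for this example).

    This gives the scanner a known-open port on the local machine so the
    output shows what an open port looks like next to closed ones.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv


if __name__ == "__main__":
    target = "127.0.0.1"
    listener = start_listener(target)  # one port that will show as open
    ports = PORT_LIST + [listener.getsockname()[1]]
    for port, is_open in scan_ports(target, ports).items():
        state = "open" if is_open else "closed/filtered"
        print(f"{target}:{port:<5} {service_name(port):<14} {state}")
    listener.close()
```

Because `connect_ex` completes the full TCP handshake, this scan is noisy: every probe shows up in the target's connection logs, which is also why a connect scan against your own hosts is a convenient way to test that a firewall or host-based IDS is alerting as expected.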

Geolocation extraction

The real-time location of an IP address can be extracted using Python and Google APIs with the pygeoip module. First, download the GeoIP database from the URL.

Once the database is loaded and mapped with the Python installation, any IP address can be looked up for its global position and location.

>>> import pygeoip
>>> myGeoIP = pygeoip.GeoIP('GeoIPDataSet.dat')
>>> myGeoIP.country_name_by_addr('<IP Address>')
'United States'

To look up the country, use the following commands:

>>> myGeoIP = pygeoip.GeoIP('GeoIPDataSet.dat')
>>> myGeoIP.country_code_by_name('google.com')
'US'
>>> myGeoIP.country_code_by_addr('<IP Address>')
'US'
>>> myGeoIP.country_name_by_addr('<IP Address>')
'United States'

To look up the city, use the following commands:

>>> myGeoIP = pygeoip.GeoIP('GeoIPCity.dat')
>>> myGeoIP.record_by_addr('<IP Address>')
{
    'city': u'Mountain View',
    'region_code': u'CA',
    'area_code': 550,
    'time_zone': 'America/Los_Angeles',
    'dma_code': 807,
    'metro_code': 'San Francisco, CA',
    'country_code3': 'USA',
    'latitude': 38.888222,
    'postal_code': u'94043',
    'longitude': -123.37383,
    'country_code': 'US',
    'country_name': 'United States',
    'continent': 'NA'
}
>>> myGeoIP.time_zone_by_addr('<IP Address>')
'America/Los_Angeles'
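The lookups above depend on pygeoip and a downloaded database, so they cannot run offline. The following is an added example, not pygeoip and not the article's code, that mirrors the same `*_by_addr` / `*_by_name` interface over a small constructed range table (using the RFC 5737 documentation networks as stand-in "public" ranges, with made-up countries and cities) so the lookup logic can be exercised without a database. It adds two checks that matter in practice and that the article does not show: invalid input raises instead of returning a bogus record, and RFC 1918, loopback and link-local addresses return no record because they never have a meaningful geolocation. The class name `RangeGeoIP`, the table and the longest-prefix matching are this example's own choices.

```python
import ipaddress
import socket

# Constructed sample table standing in for a GeoIP database:
# (network, country_code, country_name, city). The documentation ranges
# and the cities assigned to them are made up for this example.
SAMPLE_RANGES = [
    ("203.0.113.0/24",   "US", "United States", "Mountain View"),
    ("203.0.113.128/25", "US", "United States", "Palo Alto"),   # more specific sub-range
    ("198.51.100.0/24",  "DE", "Germany",       "Berlin"),
    ("192.0.2.0/24",     "JP", "Japan",         "Tokyo"),
]

# Address space that can never be geolocated meaningfully. Checked
# explicitly rather than via ip.is_global because Python also classifies
# the documentation ranges used above as non-global.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8",                                     # loopback
    "169.254.0.0/16",                                  # link-local
)]


class RangeGeoIP:
    """Offline stand-in for a GeoIP lookup object (example only, not pygeoip)."""

    def __init__(self, ranges):
        self._table = [
            (ipaddress.ip_network(net), cc, name, city) for net, cc, name, city in ranges
        ]
        # Longest prefix first, so the most specific matching range wins.
        self._table.sort(key=lambda row: row[0].prefixlen, reverse=True)

    def record_by_addr(self, addr):
        """Return a record dict for addr, or None if it is non-routable or unknown.

        Raises ValueError for strings that are not IP addresses at all, so a
        typo in an investigation script fails loudly rather than silently.
        """
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in NON_ROUTABLE):
            return None
        for net, cc, name, city in self._table:
            if ip in net:
                return {"country_code": cc, "country_name": name, "city": city}
        return None

    def country_code_by_addr(self, addr):
        rec = self.record_by_addr(addr)
        return rec["country_code"] if rec else None

    def country_name_by_addr(self, addr):
        rec = self.record_by_addr(addr)
        return rec["country_name"] if rec else None

    def country_code_by_name(self, hostname):
        """Resolve a hostname first, then look up the resulting address (needs DNS)."""
        return self.country_code_by_addr(socket.gethostbyname(hostname))


if __name__ == "__main__":
    geo = RangeGeoIP(SAMPLE_RANGES)
    for sample in ("203.0.113.7", "203.0.113.200", "198.51.100.9", "192.168.1.1", "8.8.8.8"):
        print(sample, "->", geo.record_by_addr(sample))
```

Returning `None` for RFC 1918 and loopback addresses is deliberate: log files from internal networks are full of them, and a lookup layer that quietly maps them to whatever the database's default record is will mislead an investigation.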

Real-time extraction from social media

Live, real-time data from social media platforms can be downloaded using Python scripts. Python has many modules and extensions for interfacing with WhatsApp, Twitter, Facebook, LinkedIn and many other platforms.






Python package index (PyPI)

PyPI (https://pypi.python.org) is the software repository that hosts an enormous number of Python packages, including those for interfacing with other platforms. PyPI is freely available to Python developers without any licensing or subscription.

You can download the Python code for the three actions given below from https://www.opensourceforu.com/article_source_code/sept16/digital_forensic.zip
1. Fetching the list of followers from Twitter about any user
2. Fetching the Twitter timeline for any user name

Real-time extraction of live tweets from Twitter

With the execution of the Python code downloaded from the above link, the live real-time discussion on any topic or keyword can be fetched. With this execution, the real-time discussion on the word ‘India’ will be fetched along with the details on the users involved in the transmission and distribution of tweets. The user data will include the user name, device, tweet, followers’ list, timestamp of the tweet, platform used, etc.


