
Python Programming For Digital Forensics And Security Analysis




One of the many uses of the versatile Python programming language is digital forensics and security analysis. This article covers various aspects such as socket programming, port scanning, geopositioning, and extracting data from sites such as Twitter.
Python is one of the most powerful programming languages used in key areas such as cloud computing, big data analysis, network forensics, mobile app development and web development. Python has been in use for over 20 years.
Python supports multiple programming paradigms, including imperative, functional, procedural and object-oriented programming. Nowadays, Python is widely used for a variety of high performance computing applications by a number of corporate giants including Microsoft, Google, Red Hat, IBM, Amazon and many others. Python is free and open source, and implementations and interfaces exist for many other languages and platforms.

Table 1 lists different Python implementations and the platforms and programming models they support.




Table 1


Figure 2 illustrates how Python code is executed on a system with Python 2.7 installed on drive E: of the Windows operating system. IDE-based programming with Python can use any IDE for writing, debugging and executing code.




Given below is a list of Python IDEs where a graphical user interface is provided for easy programming:




Digital forensics experts rely on a variety of tools and operating systems when investigating digital crimes. Python is a popular programming language for digital investigations. Many forensic tools are used with Kali Linux, Metasploit, and Parrot Security OS. These tools come with pre-installed applications that users deploy without knowing the internal architecture or the algorithmic approach of the implementation. Python is a widely used programming language for cybersecurity, penetration testing, and digital forensic applications. Using basic Python programming, any of the following can be done without any third party tools:

Web server fingerprinting
Attack Modeling
Port scanning
Website cloning
Load generation and site testing
Building Intrusion Detection and Prevention Systems
Scanning for a wireless network
Network traffic transmission
Accessing mail servers



Socket programming

Socket programming support is built into Python, as it is in Java. To use it, the socket module is first imported and then its methods can be called. The Python installation also comes with the built-in IDLE GUI.




Network port scanning

Generally, the nmap tool is used to implement network port scanning, but with Python socket programming it can be implemented without any third party tool. In Kali Linux, there are many tools available for network-related digital forensics, but many of these implementations can be written in Python with just a few lines of code.

The code for port scanning of any IP address can be downloaded from here. The code checks which of the ports in the PortList [20, 22, 23, 80, 135, 445, 912] are open. Each value in the PortList corresponds to a particular network service.
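The scanner below is an added example written for this article, not the downloadable code the text refers to; it uses only the socket module described in the socket programming section and the article's PortList. To stay self-contained it scans the loopback address and starts its own throwaway listener (a constructed fixture) so that at least one port shows as open.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# The article's PortList: each entry corresponds to a well-known service.
PORT_LIST = [20, 22, 23, 80, 135, 445, 912]


def probe_port(host, port, timeout=1.0):
    """Return True if a TCP connect() to host:port succeeds.

    connect_ex() returns 0 on success and an errno otherwise, so a closed
    port (ECONNREFUSED) or a filtered one (timeout) both read as 'not open'.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def service_name(port):
    """Map a port to its service name from the system services table."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"


def scan_ports(host, ports=PORT_LIST, timeout=1.0, workers=8):
    """Probe every port in `ports` concurrently; return the open ones sorted."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe_port(host, p, timeout)), ports))
    return sorted(p for p, is_open in results if is_open)


def start_local_listener():
    """Constructed fixture: bind a listener on an ephemeral loopback port.

    Returns the listening socket (caller must close it) and its port number.
    A listening socket completes the TCP handshake in the kernel, so the
    scanner sees it as open even though nothing ever calls accept().
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_local_listener()
    try:
        for p in scan_ports("127.0.0.1", PORT_LIST + [port]):
            print(f"{p}/tcp open ({service_name(p)})")
    finally:
        srv.close()
```

Run against your own hosts to confirm that only the services you expect are listening; unexpected open ports are a finding to investigate.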

Geolocation extraction

The real-time location of an IP address can be extracted using Python and Google APIs with the use of the pygeoip module. First of all, import the GeoIP database from the URL.

Once the database is loaded and mapped into the Python installation, any IP address can be looked up to obtain its country and location.

>>> import pygeoip
>>> myGeoIP = pygeoip.GeoIP('GeoIPDataSet.dat')
>>> myGeoIP.country_name_by_addr('<IP Address>')
'United States'

To look up the country, use the following commands:

>>> myGeoIP = pygeoip.GeoIP('GeoIPDataSet.dat')
>>> myGeoIP.country_code_by_name('google.com')
'US'
>>> myGeoIP.country_code_by_addr('<IP Address>')
'US'
>>> myGeoIP.country_name_by_addr('<IP Address>')
'United States'

To look up the city, use the following commands:

>>> myGeoIP = pygeoip.GeoIP('GeoIPCity.dat')
>>> myGeoIP.record_by_addr('<IP Address>')
{
    'city': u'Mountain View',
    'region_code': u'CA',
    'area_code': 550,
    'time_zone': 'America/Los_Angeles',
    'dma_code': 807,
    'metro_code': 'San Francisco, CA',
    'country_code3': 'USA',
    'latitude': 38.888222,
    'postal_code': u'94043',
    'longitude': -123.37383,
    'country_code': 'US',
    'country_name': 'United States',
    'continent': 'NA'
}
>>> myGeoIP.time_zone_by_addr('<IP Address>')
'America/Los_Angeles'

Real-time extraction from social media

Live, real-time data from social media platforms can be downloaded using Python scripts. Python has many modules and extensions for interfacing with WhatsApp, Twitter, Facebook, LinkedIn and many other platforms.






Python package index (PyPI)

PyPI (https://pypi.python.org) is an enormous software repository of Python packages, including many for interfacing with other platforms. PyPI is freely available to Python developers without any licensing or subscription.

You can download the Python codes for the three actions given below from https://www.opensourceforu.com/article_source_code/sept16/digital_forensic.zip
1. Fetching the list of followers from Twitter about any user
2. Fetching the Twitter timeline for any user name

Real-time extraction of live tweets from Twitter

By executing the Python code downloaded from the above link, the live real-time discussion on any topic or keyword can be fetched. In this run, the real-time discussion on the word 'India' is fetched along with details of the users involved in posting and retweeting. The user data includes the user name, device, tweet, followers' list, timestamp of the tweet, platform used, etc.


