Artifact Report
Now that you are comfortable with installing Python and running Python commands on your local system, let us move into the concepts of forensics in detail. This chapter explains various concepts involved in dealing with artifacts in Python digital forensics.
Need of Report Creation
The process of digital forensics includes reporting as the third phase. This is one of the most important parts of the digital forensic process. Report creation is necessary for the following reasons −
It is the document in which the digital forensic examiner outlines the investigation process and its findings.
A good digital forensic report can be referenced by another examiner to achieve the same result given the same repositories.
It is a technical and scientific document that contains facts found within the 1s and 0s of digital evidence.
General Guidelines for Report Creation
The reports are written to provide information to the reader and must start with a solid foundation. Investigators can face difficulties in efficiently presenting their findings if the report is prepared without some general guidelines or standards. Some general guidelines which must be followed while creating digital forensic reports are given below −
Summary − The report must contain a brief summary of information so that the reader can ascertain the report’s purpose.
Tools used − We must mention the tools which have been used for carrying out the process of digital forensics, including their purpose.
Repository − Suppose we investigated someone’s computer; then the summary of evidence and the analysis of relevant material like email, internal search history etc. must be included in the report so that the case may be clearly presented.
Recommendations for counsel − The report must have the recommendations for counsel to continue or cease the investigation based on the findings in the report.
Creating Different Types of Reports
In the above section, we came to know about the importance of reports in digital forensics along with the guidelines for creating them. Some of the formats in Python for creating different kinds of reports are discussed below −
CSV Reports
One of the most common output formats for reports is a CSV spreadsheet. You can write processed data to a CSV report using the Python code shown below −
First, import useful libraries for writing the spreadsheet −
    from __future__ import print_function
    import csv
    import os
    import sys
Now, call the following method (the call must run after the data and the method shown below have been defined) −
    Write_csv(TEST_DATA_LIST, ["Name", "Age", "City", "Job description"], os.getcwd())
We are using the following global variable to represent sample data types −
    TEST_DATA_LIST = [["Ram", 32, "Bhopal", "Manager"],
                      ["Raman", 42, "Indore", "Engg."],
                      ["Mohan", 25, "Chandigarh", "HR"],
                      ["Parkash", 45, "Delhi", "IT"]]
Next, let us define the method to proceed for further operations. We open the file in the “w” mode and set the newline keyword argument to an empty string.
    def Write_csv(data, header, output_directory, name=None):
        # Fall back to a default report name when none is supplied
        if name is None:
            name = "report1.csv"
        print("[+] Writing {} to {}".format(name, output_directory))
        # newline="" lets the csv module control line endings itself
        with open(os.path.join(output_directory, name), "w", newline="") as csvfile:
            writer = csv.writer(csvfile)
            writer.writerow(header)
            # data is a list of rows, so write one CSV line per record
            writer.writerows(data)
If you run the above script, you will get the following details stored in the report1.csv file.
Name | Age | City | Job description |
Ram | 32 | Bhopal | Manager |
Raman | 42 | Indore | Engg. |
Mohan | 25 | Chandigarh | HR |
Parkash | 45 | Delhi | IT |
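Cell values in a forensic report often come straight from the evidence (file names, e-mail subjects), and a spreadsheet evaluates any cell that begins with =, +, - or @ when the CSV is opened. The following added example, which is not part of the original tutorial, neutralises such cells before writing; neutralise_cell, write_safe_csv and the sample rows are constructed for illustration.

```python
import csv
import io

# Leading characters that make a spreadsheet evaluate a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralise_cell(value):
    """Prefix risky text with an apostrophe so it is displayed, not evaluated.

    Only strings are changed, so a numeric -1 stays a number.
    """
    if isinstance(value, str) and value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def write_safe_csv(rows, header, stream):
    """Write header and rows to stream; return how many cells were altered."""
    writer = csv.writer(stream)
    writer.writerow([neutralise_cell(cell) for cell in header])
    altered = 0
    for row in rows:
        safe = [neutralise_cell(cell) for cell in row]
        altered += sum(1 for old, new in zip(row, safe) if old != new)
        writer.writerow(safe)
    return altered


# Constructed sample artifacts: two text fields imitate attacker-controlled
# strings recovered from evidence (a file name and an e-mail subject).
SAMPLE_ARTIFACTS = [
    ["invoice.pdf", 1024, "Quarterly invoice"],
    ["=1+1", 2048, "Re: meeting"],
    ["notes.txt", -1, "@SUM(1,2)"],
]

if __name__ == "__main__":
    buffer = io.StringIO()
    changed = write_safe_csv(SAMPLE_ARTIFACTS, ["File", "Size", "Subject"], buffer)
    print(buffer.getvalue())
    print("cells neutralised:", changed)
```

The same concern applies to Excel output: xlsxwriter's write() turns a string starting with = into a formula, while write_string() stores it as text.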
Excel Reports
Another common output format for reports is the Excel (.xlsx) spreadsheet. Excel lets us create tables and also plot graphs. We can create a report of processed data in Excel format using the Python code shown below −
First, import the XlsxWriter module for creating the spreadsheet −
    import xlsxwriter
Now, create a workbook object. For this, we need to use the Workbook() constructor.
    workbook = xlsxwriter.Workbook('report2.xlsx')
Now, create a new worksheet by using the add_worksheet() method.
    worksheet = workbook.add_worksheet()
Next, write the following data into the worksheet −
    report2 = (['Ram', 32, 'Bhopal'], ['Mohan', 25, 'Chandigarh'], ['Parkash', 45, 'Delhi'])
    row = 0
    col = 0
You can iterate over this data and write it as follows −
    # Each record holds three values, written to three adjacent columns
    for name, age, city in report2:
        worksheet.write(row, col, name)
        worksheet.write(row, col + 1, age)
        worksheet.write(row, col + 2, city)
        row += 1
Now, let us close this Excel file by using the close() method of the workbook object.
The above script will create an Excel file named report2.xlsx having the following data −
Ram | 32 | Bhopal |
Mohan | 25 | Chandigarh |
Parkash | 45 | Delhi |
Investigation Acquisition Media
It is important for an investigator to keep detailed investigative notes in order to accurately recall the findings or put together all the pieces of an investigation. A screenshot is very useful for keeping track of the steps taken in a particular investigation. With the help of the following Python code, we can take a screenshot and save it on the hard disk for future use.
First, install the Python module named pyscreenshot by using the following command −
    pip install pyscreenshot
Now, import the necessary modules as shown −
import pyscreenshot as ImageGrab
Use the following line of code to get the screenshot −
image = ImageGrab.grab()
Use the following line of code to save the screenshot to the given location −
    image.save('d:/image123.png')
Now, if you want to pop up the screenshot as a graph, you can use the following Python code −
    import numpy as np
    import matplotlib.pyplot as plt
    import pyscreenshot as ImageGrab
    # Capture the screen and display it in a matplotlib window
    image = ImageGrab.grab()
    plt.imshow(image, cmap='gray', interpolation='bilinear')
    plt.show()
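A saved screenshot is only useful as an investigative note if it can later be shown to be unchanged. The following added example, which is not part of the original tutorial, logs each saved screenshot file with a UTC timestamp and SHA-256 hash and re-checks the log later; the function names, the notes.jsonl file and the stand-in image bytes are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_of_file(path, chunk_size=65536):
    """Hash a file in chunks so large captures do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record_screenshot(image_path, notes_path, step, examiner):
    """Append one JSON line describing a saved screenshot to the notes file."""
    entry = {
        "recorded_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "examiner": examiner,
        "step": step,
        "file": os.path.abspath(image_path),
        "sha256": sha256_of_file(image_path),
    }
    with open(notes_path, "a", encoding="utf-8") as notes:
        notes.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry


def verify_notes(notes_path):
    """Re-hash every logged file; return entries whose file is missing or changed."""
    mismatches = []
    with open(notes_path, encoding="utf-8") as notes:
        for line in notes:
            entry = json.loads(line)
            path = entry["file"]
            if not os.path.isfile(path) or sha256_of_file(path) != entry["sha256"]:
                mismatches.append(entry)
    return mismatches


if __name__ == "__main__":
    folder = tempfile.mkdtemp()
    shot = os.path.join(folder, "image123.png")
    with open(shot, "wb") as handle:  # constructed stand-in for a saved screenshot
        handle.write(b"constructed screenshot bytes")
    notes_file = os.path.join(folder, "notes.jsonl")
    record_screenshot(shot, notes_file, "Opened mailbox export", "examiner1")
    print(verify_notes(notes_file))
```

In practice, call record_screenshot() immediately after image.save() with the same path.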