Python Forensics Tutorial
Python Forensics Useful Resources
Selected Reading
- Implementation of Cloud
- Indicators of Compromise
- Forensics in Linux
- Memory & Forensics
- Multiprocessing Support
- Network Time Protocol
- Mobile Forensics
- Python Imaging Library
- Indexing
- Searching
- Dshell and Scapy
- Python Modules
- Network Forensics
- Virtualization
- Cracking an Encryption
- Hash Function
- Basic Forensic Application
- Overview of Python
- Installation of Python
- Introduction
- Home
Python Forensics Useful Resources
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
Searching
Python Forensics - Searching
Searching is certainly one of the pillars of forensic investigation. Nowadays, search is only as good as the investigator who is running the evidence.
Searching a keyword from the message plays a vital role in forensics, when we search for an evidence with the help of a keyword. The knowledge of what is to be searched in a particular file along with the ones in deleted files requires both experience and knowledge.
Python has various built-in mechanisms with standard pbrary modules to support search operation. Fundamentally, investigators use the search operation to find answers to questions such as "who", "what", "where", "when", etc.
Example
In the following example, we have declared two strings and then, we have used the find function to check whether the first string contains the second string or not.
# Searching a particular word from a message str1 = "This is a string example for Computational forensics of gathering evidence!"; str2 = "string"; print str1.find(str2) print str1.find(str2, 10) print str1.find(str2, 40)
The above script will produce the following output.
“find” function in Python helps in searching a keyword in a message or a paragraph. This is critical in collecting appropriate evidence.
Advertisements