Python Forensics - Network Time Protocol
The most widely used protocol for synchronizing time, and one that has been widely accepted as a practice, is the Network Time Protocol (NTP).
NTP uses the User Datagram Protocol (UDP), which takes minimal time to exchange packets between the server and a client that wishes to synchronize with the given time source.
Features of Network Time Protocol are as follows −
- The default server port is 123.
- This protocol consists of many accessible time servers synchronized to national laboratories.
- The NTP protocol standard is governed by the IETF, and the Proposed Standard is RFC 5905, titled “Network Time Protocol Version 4: Protocol and Algorithms Specification” [NTP RFC].
- Operating systems, programs, and applications use NTP to synchronize time in a proper way.
In this chapter, we will focus on the usage of NTP with Python, which is feasible with the third-party Python library ntplib. This library efficiently handles the heavy lifting, and the results are compared to the local system clock.
Installing the NTP Library
The ntplib library is available for download at
as shown in the following figure.
The library provides a simple interface to NTP servers with the help of methods that can translate NTP protocol fields. This helps access other key values such as leap seconds.
The following Python program helps in understanding the usage of NTP.
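```python
import ntplib
import time

# NTP server to query (hostname as given in the original program)
NIST = 'nist1-macon.macon.ga.us'

ntp = ntplib.NTPClient()
ntpResponse = ntp.request(NIST)

if ntpResponse:
    # Difference between the local clock and the server's transmit timestamp
    now = time.time()
    diff = now - ntpResponse.tx_time
    print(diff)
```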
The above program will produce the following output.
The above program calculates the difference in time. These calculations help in forensic investigations. Analysis of network data is fundamentally different from analysis of data found on the hard drive.
Knowing the difference in time zones, or obtaining accurate time zones, can help in gathering evidence when capturing messages through this protocol.
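The following added example (not part of the original chapter and not ntplib's own code) goes beyond the simple `now - tx_time` difference: it decodes the 48-byte NTP header laid out in RFC 5905 and derives the clock offset and round-trip delay from all four timestamps. The packet bytes, timestamps and function names are constructed for illustration so the code runs offline.

```python
import struct

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def unix_to_ntp(ts):
    """Split a Unix time into NTP (seconds, 32-bit fraction)."""
    secs = int(ts)
    return secs + NTP_DELTA, int((ts - secs) * 2**32)

def ntp_to_unix(secs, frac):
    return secs - NTP_DELTA + frac / 2**32

def parse_ntp_packet(data):
    """Decode the 48-byte NTP header (RFC 5905 layout)."""
    if len(data) < 48:
        raise ValueError("an NTP header is 48 bytes")
    f = struct.unpack("!BBbb3I8I", data[:48])
    return {
        "leap": f[0] >> 6,             # leap indicator (3 = clock unsynchronized)
        "version": (f[0] >> 3) & 0x7,
        "mode": f[0] & 0x7,            # 4 = server reply
        "stratum": f[1],
        "orig_time": ntp_to_unix(f[9], f[10]),   # T1: client transmit
        "recv_time": ntp_to_unix(f[11], f[12]),  # T2: server receive
        "tx_time": ntp_to_unix(f[13], f[14]),    # T3: server transmit
    }

def offset_and_delay(pkt, dest_time):
    """Clock offset (server minus local) and round-trip delay; dest_time is T4."""
    t1, t2, t3 = pkt["orig_time"], pkt["recv_time"], pkt["tx_time"]
    offset = ((t2 - t1) + (t3 - dest_time)) / 2
    delay = (dest_time - t1) - (t3 - t2)
    return offset, delay

def build_sample_reply(t1, t2, t3):
    """Constructed server reply (v4, mode 4, stratum 1); not captured traffic."""
    return struct.pack("!BBbb3I8I", 0x24, 1, 6, -20, 0, 0, 0,
                       *unix_to_ntp(t2), *unix_to_ntp(t1),
                       *unix_to_ntp(t2), *unix_to_ntp(t3))

# Constructed timestamps: the local clock runs 2.5 s behind the server.
T1, T2, T3, T4 = 1700000000.0, 1700000002.625, 1700000002.75, 1700000000.375
SAMPLE = build_sample_reply(T1, T2, T3)

if __name__ == "__main__":
    pkt = parse_ntp_packet(SAMPLE)
    offset, delay = offset_and_delay(pkt, T4)
    print("offset %.3f s, delay %.3f s" % (offset, delay))
    # Normalize a locally recorded evidence timestamp to server time
    print("corrected event time:", 1700000100.0 + offset)
```

Adding the offset to timestamps recorded by the examined machine places its events on the same timeline as evidence from other sources.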