Python Digital Forensics - Getting Started


In the previous chapter, we learnt the basics of digital forensics, its advantages and limitations. This chapter will make you comfortable with Python, the essential tool that we are using in this digital forensics investigation.

Why Python for Digital Forensics?

Python is a popular programming language and is used as a tool for cyber security, penetration testing and digital forensic investigations. When you choose Python as your tool for digital forensics, you do not need any other third-party software to complete the task.

Some of the features of the Python programming language that make it a good fit for digital forensics projects are given below −

  • Simplicity of Syntax − Python’s syntax is simple compared to other languages, which makes it easier to learn and put to use for digital forensics.

  • Comprehensive inbuilt modules − Python’s comprehensive inbuilt modules are an excellent aid for performing a complete digital forensic investigation.

  • Help and Support − Being an open source programming language, Python enjoys excellent support from its developer and user community.

Features of Python

Python, being a high-level, interpreted, interactive and object-oriented scripting language, provides the following features −

  • Easy to Learn − Python is a developer-friendly and easy-to-learn language, because it has few keywords and a simple structure.

  • Expressive and Easy to read − Python language is expressive in nature; hence its code is more understandable and readable.

  • Cross-platform Compatible − Python is a cross-platform compatible language which means it can run efficiently on various platforms such as UNIX, Windows, and Macintosh.

  • Interactive Mode Programming − We can do interactive testing and debugging of code because Python supports an interactive mode for programming.

  • Provides Various Modules and Functions − Python has a large standard library, which gives us a rich set of modules and functions for our scripts.

  • Supports Dynamic Type Checking − Python supports dynamic type checking and provides very high-level dynamic data types.

  • GUI Programming − Python supports GUI programming to develop Graphical user interfaces.

  • Integration with other programming languages − Python can be easily integrated with other programming languages like C, C++, Java, etc.

Installing Python

Python distributions are available for various platforms such as Windows, UNIX, Linux, and Mac. We only need to download the binary code for our platform. If the binary code for a platform is not available, we must have a C compiler so that the source code can be compiled manually.

This section will make you familiar with the installation of Python on various platforms −

Python Installation on Unix and Linux

You can follow the steps shown below to install Python on a Unix/Linux machine.

Step 1 − Open a Web browser. Type and enter

Step 2 − Download zipped source code available for Unix/Linux.

Step 3 − Extract the downloaded zipped files.

Step 4 − If you wish to customize some options, you can edit the Modules/Setup file.

Step 5 − Use the following commands for completing the installation −

./configure
make install

Once you have successfully completed the steps given above, Python will be installed at its standard location /usr/local/bin and its libraries at /usr/local/lib/pythonXX where XX is the version of Python.

Python Installation on Windows

We can follow these simple steps to install Python on a Windows machine.

Step 1 − Open a web browser. Type and enter

Step 2 − Download the Windows installer python-XYZ.msi file, where XYZ is the version we need to install.

Step 3 − Now run that MSI file after saving the installer file to your local machine.

Step 4 − Run the downloaded file which will bring up the Python installation wizard.

Python Installation on Macintosh

For installing Python 3 on Mac OS X, we must use a package installer named Homebrew.

You can use the following command to install Homebrew, in case you do not have it on your system −

$ ruby -e "$(curl -fsSL"

If you need to update the package manager, you can do so with the following command −

$ brew update

Now, use the following command to install Python3 on your system −

$ brew install python3

Setting the PATH

We need to set the path for Python installation and this differs with platforms such as UNIX, WINDOWS, or MAC.

Path setting at Unix/Linux

You can use the following options to set the path on Unix/Linux −

  • If using csh shell − Type setenv PATH "$PATH:/usr/local/bin/python" and then press Enter.

  • If using bash shell (Linux) − Type export PATH="$PATH:/usr/local/bin/python" and then press Enter.

  • If using sh or ksh shell − Type PATH="$PATH:/usr/local/bin/python" and then press Enter.

Path Setting at Windows

Type path %path%;C:\Python at the command prompt and then press Enter.
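On a forensic workstation it matters which interpreter the PATH actually resolves to, and whether any PATH entry would let another user place a file named python ahead of the real one. The script below is an added example, not part of the original tutorial; the function name audit_path, the interpreter names it looks for, and the reliance on POSIX permission bits are assumptions of this example.

```python
import os
import stat

INTERPRETER_NAMES = ("python", "python3")  # names assumed for this example


def audit_path(path_value, names=INTERPRETER_NAMES):
    """Walk a PATH string the way a POSIX shell does.

    Returns (hits, warnings):
      hits     - interpreter paths in resolution order; hits[0] is what runs
      warnings - (entry, reason) pairs for entries where someone else could
                 place a file named like the interpreter
    """
    hits, warnings = [], []
    for entry in path_value.split(os.pathsep):
        # An empty or relative entry is resolved against the current
        # directory, for example inside a mounted evidence folder.
        if not os.path.isabs(entry):
            warnings.append((entry, "relative or empty entry"))
            continue
        if not os.path.isdir(entry):
            continue  # the shell skips entries that are not directories
        mode = os.stat(entry).st_mode
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            warnings.append((entry, "writable by group or others"))
        for name in names:
            candidate = os.path.join(entry, name)
            if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
                hits.append(candidate)
    return hits, warnings


if __name__ == "__main__":
    found, risky = audit_path(os.environ.get("PATH", ""))
    for path in found:
        print("interpreter:", path)
    for entry, reason in risky:
        print("warning: %r: %s" % (entry, reason))
```

The first interpreter printed is the one the shell starts when you type python; any warning listed before it in PATH order deserves a look before the workstation is used on evidence.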

Running Python

You can choose any of the following three methods to start the Python interpreter −

Method 1: Using Interactive Interpreter

Any system that provides a command-line interpreter or shell, such as Unix or DOS, can be used to start Python. You can follow the steps given below to start coding in the interactive interpreter −

Step 1 − Enter python at the command line.

Step 2 − Start coding right away in the interactive interpreter using the commands shown below −

$python # Unix/Linux
python% # Unix/Linux
C:> python # Windows/DOS

Method 2: Using Script from the Command-line

We can also execute a Python script at the command line by invoking the interpreter on our application. You can use the commands shown below −

$python # Unix/Linux
python% # Unix/Linux
C: >python # Windows/DOS

Method 3: Integrated Development Environment

If a system has a GUI application that supports Python, then Python can be run from that GUI environment. Some of the IDEs for various platforms are given below −

  • Unix IDE − UNIX has IDLE IDE for Python.

  • Windows IDE − Windows has PythonWin, the first Windows interface for Python along with GUI.

  • Macintosh IDE − Macintosh has IDLE IDE which is available from the main website, downloadable as either MacBinary or BinHex'd files.