This 5-day practical training aims to provide participants with the skills required to develop their own Python programs for automating forensic processes and gathering open source intelligence.
The constant evolution of technology makes it difficult to define a concrete set of standard practices for extracting evidential data from digital devices. While the technological evolution of personal computers is less dynamic, each operating system manages data differently from the others. Another difficulty faced by examiners is the variety of applications that are available on mobile devices and computers, many of which store evidential data in various locations in their respective file systems.
Forensic tools that help investigators recover digital evidence exist in abundance on the Web, both free and commercial. But what happens when a tool does not already exist for a specific issue or a specific device? Anyone who has recently performed a forensic investigation knows that you are often left with a sense of frustration, knowing the data existed, if only you had a tool that could access it. The Python programming language is a high-level, general-purpose language with clear syntax and a comprehensive standard library. Python is often referred to as a scripting language, and security experts have singled it out as a language for developing information security toolkits. The modular design, human-readable code, and fully developed suite of libraries provide a starting point for security researchers and experts to build tools that help them speed up and automate the discovery of evidence and reduce the amount of undetected data.
This training project aims to enhance the level of competence of cybercrime investigators and digital forensics analysts from the respective countries, who deal with highly complex computer crimes.