Python Digital Forensics Artifact Report
Python Digital Forensics: Artifact Reports
Now that you are familiar with installing and running Python commands on your local system, let’s delve into forensic concepts in detail. This chapter will explain the various concepts involved in working with artifacts in Python digital forensics.
The Need for Report Creation
The digital forensics process includes reporting as the third phase. This is one of the most important parts of the digital forensics process. Creating a report is necessary for the following reasons.
- It is a document that the digital forensics examiner uses to summarize the investigation process and findings.
-
A good digital forensics report can be referenced by another examiner who, given the same repository, achieved the same results.
-
It is a technical and scientific document that contains the facts found in the 1s and 0s of the digital evidence.
General Guidelines for Creating a Report
A report is written to provide information to the reader and must start with a solid foundation. Without some general guidelines or standards for report preparation, investigators will face difficulties in effectively presenting their findings. Here are some general guidelines that must be followed when creating a digital forensic report:
- Summary – The report must include a brief summary of the information so that the reader can determine the purpose of the report.
-
Tools Used – We must mention the tools used to conduct the digital forensics process, including their purpose.
-
Evidence Repository – Assuming we investigated someone’s computer, a summary of the evidence and analysis of relevant materials, such as emails, internal search history, etc., must be included in the report to clearly present the case.
-
Advice to Counsel – The report must include advice to counsel on whether to continue or cease the investigation based on the findings in the report.
Creating Different Types of Reports
In the previous section, we learned about the importance of reporting in digital forensics and the guidelines for creating reports. Now let’s discuss some formats for creating different types of reports in Python.
CSV Reports
One of the most common report output formats is the CSV spreadsheet report. You can use Python code to create a CSV file to create a report of the processed data, as shown below.
First, import useful libraries for writing spreadsheets:
from __future__ import print_function
import csv
import os
import sys
Now, call the following method:
Write_csv(TEST_DATA_LIST, ["Name", "Age", "City", "Job description"], os.getcwd())
We use the following global variables to represent the sample data types:
TEST_DATA_LIST = [["Ram", 32, Bhopal, Manager],
["Raman", 42, Indore, Engg.],
["Mohan", 25, Chandigarh, HR],
["Parkash", 45, Delhi, IT]]
Next, let’s define methods for further manipulation. We open the file in “w” mode and set the newline keyword argument to an empty string.
def Write_csv(data, header, output_directory, name = None):
if name is None:
name = "report1.csv"
print("[+] Writing {} to {}".format(name, output_directory))
with open(os.path.join(output_directory, name), "w", newline = "") as csvfile:
writer = csv.writer(csvfile)
writer.writerow(header)
writer.writerow(data)
If you run the above script, you will get the following details stored in the report1.csv file.
| Name | Age | City | Position |
|---|---|---|---|
| Ram | 32 | Bhopal | Manager |
| Raman | 42 | Indore | Engineer |
| Yin Mingshan | 25 | Chandigarh | Human Resources |
| Pukeshi | 45 | Delhi | Information Technology |
Excel Report
Another common report output format is Excel (.xlsx) spreadsheet reports. Excel can be used to create tables and charts. We can use Python code to create a data processing report in Excel format, as shown below.
First, import the XlsxWriter module for creating spreadsheets −
import Tutorial">xlsxwriter
Now, create a workbook object. To do this, we need to use the Workbook() constructor.
workbook = xlsxwriter.Workbook('report2.xlsx')
Now, create a new worksheet by using the add_worksheet() module.
worksheet = workbook.add_worksheet()
Next, write the following data to the worksheet –
report2 = (['Ram', 32, 'Bhopal'],['Mohan', 25, 'Chandigarh'],['Parkash', 45, 'Delhi'])
row = 0
col = 0
You can loop through this data and write the following code −
for item, cost in (a):
worksheet.write(row, col, item)
worksheet.write(row, col+1, cost)
row + = 1
Now, let’s close the Excel file using the close() method.
workbook.close()
The above script will create an Excel file named report2.xlsx with the following data: –
| Ram | 32 | Bhopal |
|---|---|---|
| Mohan | 25 | Chandigarh |
| Parkash | 45 | Delhi |
Investigation Access Media
Maintaining detailed investigative notes is crucial for investigators to accurately recall findings or keep track of all the details. Screenshots are useful for documenting the steps involved in an investigation. With the help of the following Python code, we can take a screenshot and save it to disk for future use.
First, install the Python module called pyscreenshot using the following command: –
Pip install pyscreenshot
Now, import the necessary modules as shown in the image.
import pyscreenshot as ImageGrab
Use the following line of code to take a screenshot:
image = ImageGrab.grab()
Use the following code to save the screenshot to a specified location: –
image.save('d:/image123.png')
Now, if you want to display the screenshot as a graphic, you can use the following Python code: –
import numpy as np
import matplotlib.pyplot as plt
import pyscreenshot as ImageGrab
imageg = ImageGrab.grab()
plt.imshow(image, cmap='gray', interpolation='bilinear')
plt.show()