Python Digital Forensics: A Concise Tutorial
Python Digital Forensics - Getting Started
In the previous chapter, we learnt the basics of digital forensics, its advantages and limitations. This chapter will make you comfortable with Python, the essential tool that we use in digital forensics investigations.
Why Python for Digital Forensics?
Python is a popular programming language and is used as a tool for cyber security, penetration testing as well as digital forensic investigations. When you choose Python as your tool for digital forensics, you do not need any other third party software for completing the task.
Some of the unique features of the Python programming language that make it a good fit for digital forensics projects are given below −
- Simplicity of Syntax − Python’s syntax is simple compared to other languages, which makes it easier to learn and put into use for digital forensics.
- Comprehensive inbuilt modules − Python’s comprehensive inbuilt modules are an excellent aid for performing a complete digital forensic investigation.
- Help and Support − Being an open source programming language, Python enjoys excellent support from its developer and user communities.
Features of Python
Python, being a high-level, interpreted, interactive and object-oriented scripting language, provides the following features −
- Easy to Learn − Python is a developer friendly and easy to learn language, because it has fewer keywords and a simple structure.
- Expressive and Easy to read − The Python language is expressive in nature; hence its code is more understandable and readable.
- Cross-platform Compatible − Python is a cross-platform compatible language, which means it can run efficiently on various platforms such as UNIX, Windows, and Macintosh.
- Interactive Mode Programming − We can do interactive testing and debugging of code because Python supports an interactive mode for programming.
- Provides Various Modules and Functions − Python has a large standard library which allows us to use a rich set of modules and functions in our scripts.
- Supports Dynamic Type Checking − Python supports dynamic type checking and provides very high-level dynamic data types.
- GUI Programming − Python supports GUI programming to develop graphical user interfaces.
- Integration with other programming languages − Python can be easily integrated with other programming languages like C, C++, JAVA etc.
Installing Python
Python distributions are available for various platforms such as Windows, UNIX, Linux, and Mac. We only need to download the binary code for our platform. If the binary code for a platform is not available, we must have a C compiler so that the source code can be compiled manually.
This section will make you familiar with the installation of Python on various platforms −
Python Installation on Unix and Linux
You can follow the steps shown below to install Python on a Unix/Linux machine.
Step 1 − Open a Web browser. Type and enter www.python.org/downloads/
Step 2 − Download the zipped source code available for Unix/Linux.
Step 3 − Extract the downloaded zipped files.
Step 4 − If you wish to customize some options, you can edit the Modules/Setup file.
Step 5 − Use the following commands for completing the installation −
./configure
make
make install
Once you have successfully completed the steps given above, Python will be installed at its standard location /usr/local/bin and its libraries at /usr/local/lib/pythonXX where XX is the version of Python.
Python Installation on Windows
We can follow the simple steps below to install Python on a Windows machine.
Step 1 − Open a web browser. Type and enter www.python.org/downloads/
Step 2 − Download the Windows installer python-XYZ.msi file, where XYZ is the version we need to install.
Step 3 − Now run that MSI file after saving the installer file to your local machine.
Step 4 − Run the downloaded file which will bring up the Python installation wizard.
Python Installation on Macintosh
For installing Python 3 on Mac OS X, we must use a package installer named Homebrew.
You can use the following command to install Homebrew, in case you do not have it on your system −
$ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
If you need to update the package manager, then it can be done with the help of the following command −
$ brew update
Now, use the following command to install Python3 on your system −
$ brew install python3
Setting the PATH
We need to set the path for the Python installation, and this differs between platforms such as UNIX, WINDOWS, or MAC.
Path setting at Unix/Linux
You can use the following options to set the path on Unix/Linux −
- If using csh shell − Type setenv PATH "$PATH:/usr/local/bin/python" and then press Enter.
- If using bash shell (Linux) − Type export PATH="$PATH:/usr/local/bin/python" and then press Enter.
- If using sh or ksh shell − Type PATH="$PATH:/usr/local/bin/python" and then press Enter.
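A check worth running after changing PATH on an analysis workstation, given here as an added example that is not part of the original tutorial: it lists every python/python3 executable in the order the shell would find it and flags PATH directories that are group- or world-writable, where a planted file could run in place of the real interpreter. The function name audit_path and the POSIX permission model are assumptions of this example.

```python
import os
import stat


def audit_path(path_value, names=("python", "python3")):
    """Return (hits, risky_dirs) for a PATH-style string.

    hits: [(name, full_path)] in shell search order; the first hit for a
          name is the interpreter that actually runs.
    risky_dirs: PATH directories writable by group or others (POSIX modes).
    """
    hits, risky_dirs, seen = [], [], set()
    for entry in path_value.split(os.pathsep):
        # An empty PATH entry means "current directory" to the shell.
        directory = os.path.abspath(entry or os.curdir)
        if directory in seen or not os.path.isdir(directory):
            continue  # duplicates and non-directories contribute nothing
        seen.add(directory)
        mode = os.stat(directory).st_mode
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            risky_dirs.append(directory)
        for name in names:
            candidate = os.path.join(directory, name)
            if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
                hits.append((name, candidate))
    return hits, risky_dirs


if __name__ == "__main__":
    found, risky = audit_path(os.environ.get("PATH", ""))
    for name, full_path in found:
        print(f"{name:8} -> {full_path}")
    for directory in risky:
        print(f"WARNING: group/world-writable PATH entry: {directory}")
```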
Running Python
You can choose any of the following three methods to start the Python interpreter −
Method 1: Using Interactive Interpreter
A system that provides a command-line interpreter or shell, such as Unix or DOS, can easily be used to start Python. You can follow the steps given below to start coding in the interactive interpreter −
Step 1 − Enter python at the command line.
Step 2 − Start coding right away in the interactive interpreter using the commands shown below −
$ python # Unix/Linux
or
% python # Unix/Linux
or
C:> python # Windows/DOS
Method 2: Using Script from the Command-line
We can also execute a Python script at the command line by invoking the interpreter on our application. You can use the commands shown below −
$ python script.py # Unix/Linux
or
% python script.py # Unix/Linux
or
C:> python script.py # Windows/DOS
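What a first script.py for forensic work could contain, as an added example that is not part of the original tutorial: it uses only standard-library modules to hash each file named on the command line and record its size and timestamps as one JSON line per file. The function name describe_file and the output field names are assumptions of this example.

```python
import argparse
import hashlib
import json
import os
from datetime import datetime, timezone


def describe_file(path, chunk_size=1 << 20):
    """Hash a file in chunks and collect its filesystem metadata."""
    # Stat first, so our own read cannot alter the recorded access time.
    info = os.stat(path)
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as handle:  # read-only: evidence is never modified
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            sha1.update(chunk)
            sha256.update(chunk)

    def utc(timestamp):
        return datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat()

    return {
        "path": os.path.abspath(path),
        "size": info.st_size,
        "sha1": sha1.hexdigest(),
        "sha256": sha256.hexdigest(),
        "modified_utc": utc(info.st_mtime),
        "accessed_utc": utc(info.st_atime),
    }


def main(argv=None):
    parser = argparse.ArgumentParser(description="Hash files and record metadata")
    parser.add_argument("files", nargs="+", help="files to describe")
    args = parser.parse_args(argv)
    for path in args.files:
        print(json.dumps(describe_file(path), sort_keys=True))
    return 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it as shown above with one or more file names appended, for example python script.py followed by the path of a disk image.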
Method 3: Integrated Development Environment
If a system has a GUI application that supports Python, then Python can be run from that GUI environment. Some of the IDEs for various platforms are given below −
- Unix IDE − UNIX has IDLE IDE for Python.
- Windows IDE − Windows has PythonWin, the first Windows interface for Python along with GUI.
- Macintosh IDE − Macintosh has IDLE IDE which is available from the main website, downloadable as either MacBinary or BinHex’d files.