{"id":13769,"date":"2018-04-18T05:24:08","date_gmt":"2018-04-17T23:54:08","guid":{"rendered":"https:\/\/data-flair.training\/blogs\/?p=13769"},"modified":"2026-04-25T12:02:44","modified_gmt":"2026-04-25T06:32:44","slug":"python-forensics","status":"publish","type":"post","link":"https:\/\/data-flair.training\/blogs\/python-forensics\/","title":{"rendered":"Python Forensics | Hash Function, Virtualization & much more"},"content":{"rendered":"

In this tutorial on Python Forensics, we will learn Naming Conventions, Hash Functions, Cracking an Encryption, Virtualization, Network Forensics, Dshell and Scapy, Searching, Indexing, Python Imaging Library, and Mobile Forensics with a detailed explanation.<\/p>\n

If you\u2019re new to Python, however, you should begin today with A Python Introduction<\/a>, <\/strong>and then if you face any queries on Python Forensics<\/strong>, please comment. So, let\u2019s begin with Python Forensics.<\/p>\n

Introduction to Computational Forensics<\/h3>\n

A quantitative approach to the methodology of the forensic sciences, Computational Forensics(CF), helps study and solve problems in various forensic disciplines. This is using computer-based modeling, computer simulation, analysis, and recognition.<\/p>\n

Based on pattern evidence, such as toolmarks, fingerprints, shoeprints, and documents, it makes use of a gamut of objects, processes, and substances. It also involves physiological and behavioral patterns, DNA, digital evidence, and crime scenes.<\/p>\n

We can make use of algorithms dealing with signal and image processing, computer vision, computer graphics, data mining, data visualization, statistical pattern recognition, machine learning, and robotics.<\/p>\n

But how is this different from computer forensics? While computer forensics studies digital evidence, computational forensics deals with various types of evidence.<\/p>\n

Naming Conventions for a Basic Python Forensics Application<\/h3>\n

Digital forensics pros love Python for parsing disk images, memory dumps, and network packets. Libraries like pytsk3 read NTFS or ext4, while scapy reconstructs packets for timeline analysis. Scripts can hash files (hashlib.sha256) to check integrity, carve lost pictures, or automate simple incident-response playbooks\u2014speeding investigations that once took days.<\/p>\n

In order to follow Python Forensics guidelines to build a basic application, we must follow certain naming conventions and patterns. Take a look at the following table:<\/p>\n\n\n\n\n\n\n\n\n\n\n
<\/td>\nNaming Convention<\/b><\/td>\nExample<\/b><\/td>\n<\/tr>\n
Constants<\/td>\nUppercase; words separated by underscores<\/td>\nSPEED_LIMIT<\/td>\n<\/tr>\n
Local variable<\/td>\ncamelCase with optional underscores<\/td>\ncurrentSpeed<\/td>\n<\/tr>\n
Global variable<\/td>\nPrefix gl_with camelCase with optional underscores<\/td>\ngl_maximumSpeed<\/td>\n<\/tr>\n
Function<\/td>\nPascalCase with optional underscores; active voice<\/td>\nConvertToMilesPerHour(\u2026)<\/td>\n<\/tr>\n
Object<\/td>\nPrefix ob_ with camelCase<\/td>\nob_mySpeedrecorder<\/td>\n<\/tr>\n
Module<\/td>\nPrefix _ with camelCase<\/td>\n_speedRecorder<\/td>\n<\/tr>\n
Class<\/td>\nPrefix class_ with PascalCase; keep it brief<\/td>\nclass_SpeedSystem<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Consider a hashing algorithm to encrypt data. This is one-way and takes as input a stream of binary data. Now, considering real-life situations, this could be a password or a file, or even binary or other kinds of digital data. The algorithm takes this input and produces a message digest(md). These digests are unique, and no two inputs will generate the same. Take a demo:<\/p>\n

import sys,string,md5\r\nprint(\"Enter full name\")\r\nline=sys.stdin.readline()\r\nline=line.rstrip()\r\nmd5_object=md5.new()\r\nmd5_object.update(line)\r\nprint(md5_object.hexdigest())\r\nexit<\/pre>\n
This program makes use of the md5 hashing algorithm. It takes your full name, encrypts it, and secures it. Next in the Python Forensics tutorial, we introduce you to the concept of Hash Functions.<\/p>\n
Python Hash Functions<\/h3>\n
A hash\u00a0<\/a><\/strong>function<\/strong><\/a> in Python maps<\/span> a large amount of data to a fixed value of a specified length. An input always delivers the same output. This is a hash sum, and it holds a characteristic with specific information.<\/p>\n
Since it is practically impossible to reverse a hash function, you\u2019ll rarely find a third-party attack (like brute-force) on it. This is why we also call it a one-way cryptographic algorithm.<\/p>\n
Let’s take a look at this code:<\/p>\n
>>> import uuid\r\n>>> import hashlib\r\n>>> def hash_password(password):\r\n    salt = uuid.uuid4().hex\r\n    return hashlib.sha256(salt.encode() + password.encode()).hexdigest() + ':' + salt\r\n>>> def check_password(hashed_password, user_password):\r\n    password, salt = hashed_password.split(':')\r\n    return password == hashlib.sha256(salt.encode() + user_password.encode()).hexdigest()\r\n>>> new_pass = input('Enter required password ')<\/pre>\n
Please enter required password ayushi<\/p>\n
>>> hashed_password = hash_password(new_pass)\r\n>>> print('The string to store in the db is: ' + hashed_password)<\/pre>\n
The string to store in the db is: b1076bdba4cd3f71b927a7d43b8c0c6b767cf0b310c2371a192572f7f671f271:17de37c5292f4bbc88e74acca7cdefb2<\/p>\n
>>> old_pass = input('Enter new password ')<\/pre>\n
Re-enter new password ayu$hi<\/p>\n
>>> if check_password(hashed_password, old_pass):\r\n    print(\u2018You entered the correct password\u2019)\r\nelse:\r\n    print(\u2018Passwords do not match\u2019)<\/pre>\n
Passwords do not match
\nThis is the flowchart for this code:<\/p>\n
\"Python<\/a>
Python Forensics – Hash Function<\/p><\/div>\n
In the ideal cryptographic hash function:<\/strong><\/p>\n