Artifact Report



Now that you are comfortable with installation and running Python commands on your local system, let us move into the concepts of forensics in detail. This chapter will explain various concepts involved in dealing with artifacts in Python digital forensics.

Need of Report Creation

The process of digital forensics includes reporting as the third phase. This is one of the most important parts of the digital forensic process. Report creation is necessary for the following reasons −

  • It is the document in which the digital forensic examiner outlines the investigation process and its findings.

  • A good digital forensic report can be referenced by another examiner to achieve the same result given the same repositories.

  • It is a technical and scientific document that contains facts found within the 1s and 0s of digital evidence.

General Guidelines for Report Creation

Reports are written to provide information to the reader and must start with a solid foundation. Investigators can face difficulties in presenting their findings efficiently if the report is prepared without some general guidelines or standards. Some general guidelines which must be followed while creating digital forensic reports are given below −

  • Summary − The report must contain a brief summary of information so that the reader can ascertain the report’s purpose.

  • Tools used − We must mention the tools which have been used for carrying out the process of digital forensics, including their purpose.

  • Repository − Suppose we investigated someone’s computer; then the summary of evidence and the analysis of relevant material like email, internal search history etc. must be included in the report so that the case may be clearly presented.

  • Recommendations for counsel − The report must have recommendations for counsel to continue or cease the investigation based on the findings in the report.

Creating Different Types of Reports

In the above section, we came to know about the importance of the report in digital forensics along with the guidelines for creating it. Some of the formats in Python for creating different kinds of reports are discussed below −

CSV Reports

One of the most common output formats of reports is a CSV spreadsheet report. You can write processed data to a CSV report using the Python code shown below −

First, import useful libraries for writing the spreadsheet −

from __future__ import print_function
import csv
import os
import sys

Now, call the following method −

Write_csv(TEST_DATA_LIST, ["Name", "Age", "City", "Job description"], os.getcwd())

We are using the following global variable to represent sample data types −

TEST_DATA_LIST = [["Ram", 32, "Bhopal", "Manager"],
   ["Raman", 42, "Indore", "Engg."],
   ["Mohan", 25, "Chandigarh", "HR"],
   ["Parkash", 45, "Delhi", "IT"]]

Next, let us define the method to proceed for further operations. We open the file in the “w” mode and set the newline keyword argument to an empty string.

def Write_csv(data, header, output_directory, name = None):
   if name is None:
      name = "report1.csv"
   print("[+] Writing {} to {}".format(name, output_directory))

   # newline = "" lets the csv module control the line endings itself
   with open(os.path.join(output_directory, name), "w", newline = "") as csvfile:
      writer = csv.writer(csvfile)
      writer.writerow(header)
      # writerows() writes one CSV row for each inner list of data
      writer.writerows(data)

If you run the above script, you will get the following details stored in report1.csv file.

Name Age City Job description
Ram 32 Bhopal Manager
Raman 42 Indore Engg.
Mohan 25 Chandigarh HR
Parkash 45 Delhi IT
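Report rows in a real case come from evidence, so a recovered value such as an email subject may begin with =, +, - or @ and be evaluated as a formula when the reviewer opens the CSV in a spreadsheet. The following is an added example, not part of the original tutorial, that neutralises such cells with the commonly recommended apostrophe prefix before writing; the names neutralise, write_safe_csv and demo and the sample rows are assumptions made for illustration.

```python
import csv
import io

# Leading characters that make a spreadsheet evaluate a cell as a formula.
FORMULA_LEADERS = ("=", "+", "-", "@", "\t", "\r")

def neutralise(cell):
    """Prefix risky string cells with an apostrophe; leave everything else."""
    if isinstance(cell, str) and cell.startswith(FORMULA_LEADERS):
        # The original value stays intact after the apostrophe.
        return "'" + cell
    return cell  # numbers such as -42 are not strings and pass through

def write_safe_csv(rows, header, csvfile):
    """Write header and rows to an open text file; return cells changed."""
    writer = csv.writer(csvfile)
    writer.writerow(header)
    changed = 0
    for row in rows:
        safe = [neutralise(c) for c in row]
        changed += sum(1 for a, b in zip(row, safe) if a != b)
        writer.writerow(safe)
    return changed

# Constructed sample rows, shaped like values recovered from evidence.
HEADER = ["Name", "Age", "City", "Job description"]
SAMPLE_ROWS = [
    ["Ram", 32, "Bhopal", "Manager"],
    ["Raman", 42, "Indore", "=SUM(1,2)"],
    ["Mohan", 25, "@Chandigarh", "HR, acting"],
]

def demo():
    """Write the sample to memory and parse it back as a viewer would."""
    buf = io.StringIO(newline="")
    changed = write_safe_csv(SAMPLE_ROWS, HEADER, buf)
    parsed = list(csv.reader(io.StringIO(buf.getvalue(), newline="")))
    return changed, parsed

if __name__ == "__main__":
    changed, parsed = demo()
    print("[+] {} cell(s) neutralised".format(changed))
    for row in parsed:
        print(row)
```

The same function can be passed the file object opened in Write_csv in place of the in-memory buffer.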

Excel Reports

Another common output format of reports is the Excel (.xlsx) spreadsheet report. We can create tables and also plot graphs by using Excel. We can create a report of processed data in Excel format using Python code as shown below −

First, import the XlsxWriter module for creating the spreadsheet −

import xlsxwriter

Now, create a workbook object. For this, we need to use Workbook() constructor.

workbook = xlsxwriter.Workbook('report2.xlsx')

Now, create a new worksheet by using the add_worksheet() method.

worksheet = workbook.add_worksheet()

Next, write the following data into the worksheet −

report2 = (['Ram', 32, 'Bhopal'], ['Mohan', 25, 'Chandigarh'], ['Parkash', 45, 'Delhi'])

row = 0
col = 0

You can iterate over this data and write it as follows −

for name, age, city in report2:
   worksheet.write(row, col, name)
   worksheet.write(row, col + 1, age)
   worksheet.write(row, col + 2, city)
   row += 1

Now, let us close this Excel file by using close() method.

workbook.close()

The above script will create an Excel file named report2.xlsx having the following data −

Ram 32 Bhopal
Mohan 25 Chandigarh
Parkash 45 Delhi

Investigation Acquisition Media

It is important for an investigator to keep detailed investigative notes in order to accurately recall the findings or put together all the pieces of the investigation. A screenshot is very useful for keeping track of the steps taken in a particular investigation. With the help of the following Python code, we can take a screenshot and save it on the hard disk for future use.

First, install the Python module named pyscreenshot by using the following command −

pip install pyscreenshot

Now, import the necessary modules as shown −

import pyscreenshot as ImageGrab

Use the following line of code to get the screenshot −

image = ImageGrab.grab()

Use the following line of code to save the screenshot to the given location −

image.save('d:/image123.png')

Now, if you want to display the screenshot in a plot window, you can use the following Python code −

import numpy as np
import matplotlib.pyplot as plt
import pyscreenshot as ImageGrab
image = ImageGrab.grab()
plt.imshow(image, cmap='gray', interpolation='bilinear')
plt.show()
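A screenshot is only useful as an investigative note if it can later be tied to a step and shown to be unaltered. The following is an added example, not part of the original tutorial, that records each saved screenshot in a JSON-lines notes log with its SHA-256 and UTC capture time and re-checks the files later; the function names, the log name captures.jsonl and the constructed stand-in file are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path):
    """Hash a file in chunks so large captures do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def log_capture(image_path, log_path, note):
    """Append one JSON line describing a saved screenshot to the notes log."""
    entry = {
        "file": os.path.basename(image_path),
        "sha256": sha256_file(image_path),
        "captured_utc": datetime.now(timezone.utc).isoformat(),
        "note": note,
    }
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry

def verify_captures(log_path, directory):
    """Return names of logged files that are missing or no longer match."""
    changed = []
    with open(log_path, encoding="utf-8") as log:
        for entry in map(json.loads, log):
            path = os.path.join(directory, entry["file"])
            if not os.path.isfile(path) or sha256_file(path) != entry["sha256"]:
                changed.append(entry["file"])
    return changed

def demo():
    # Constructed stand-in for the file written by image.save().
    workdir = tempfile.mkdtemp()
    image_path = os.path.join(workdir, "image123.png")
    with open(image_path, "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n" + b"constructed sample bytes")
    log_path = os.path.join(workdir, "captures.jsonl")
    entry = log_capture(image_path, log_path, "Step 4: mailbox export dialog")
    before = verify_captures(log_path, workdir)
    with open(image_path, "ab") as fh:  # simulate a later modification
        fh.write(b"!")
    return entry, before, verify_captures(log_path, workdir)
```

In a real run, call log_capture() with the path passed to image.save() immediately after saving.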