DFRWS EU 2024 Workshop: Python toolbox for mobile forensics

Date and Time:
Tuesday, March 19, 08:45 – 10:45

This workshop is hybrid (online and face-to-face).

Description:

Writing your own Python scripts to find, parse, and analyze mobile artifacts is not only great when there is no commercial tool support for a particular application or for verifying other tools. It can also be a quicker way to get to the actual data or artifact if you already know what you want.

The workshop will first give the participants some basic Python tools to interact with data extracted from a mobile device, such as searching for files or patterns and interacting with common file types and databases. Then, create some functions with these tools. We then use these functions, chaining them together to get to the actual artifact. As you probably know already, many artifacts are data within structures within structures (A value in a Plist in a SQLite database). We build some simple scripts at a very basic level without the most complicated artifacts or Python syntax.

The workshop will mainly focus on artifacts from iOS. However, much of the methodology and code can also be used on Android artifacts.

The workshop is a perfect companion for the workshop: Third-Party App Analysis Methodologies in Mobile Forensic Investigations. You get the methodology there, and in this workshop, you can take your first steps to write your scripts.

Preparation Details:

Even though this workshop is at a basic level, it is not a basic Python workshop, and some experience with Python (or other similar language) is required to make the most of the session. A Python IDE (such as PyCharm or Visual Studio Code) is also recommended.

Workshop organiser:

Johan Wallengren (Halmstad University)

Johan Wallengren works as an Operations Developer and Digital Forensic Expert at the Swedish Police – National Forensic Centre and a small part as a Research Engineer at Halmstad University. Johan has eight years of experience with digital forensics, most of which he spent on law enforcement casework. For the last couple of years, he has been primarily working with training and education, where he has developed courses and been training academic students, law enforcement officers, and digital forensic experts within the areas of Digital Forensics, Ethical Hacking, and Cybercrime. For the last one and a half years, he has also been working with strategy and planning for competence development and assurance for digital forensics within the Swedish Police.