Python programming for investigators

Title: Python Programming for Computer Forensics Investigators
Duration: 1 week

Course Aim

The aim of this course is to provide participants with the skills required to develop their own Python programs for automating forensic processes and gathering open source intelligence.

Prerequisites

This course is intended for Law Enforcement Investigators who have no knowledge of Python programming. In fact, it has been designed for participants who have no experience of using any type of computer programming language at all.

Since it would be difficult to address anything more than the fundamental concepts of programming during a 5-day course, the training also consists of an e-learning component that has been designed to introduce these fundamental topics.

Therefore, participants who undertake the 5-day “in-class” training course should complete this pre-read material beforehand and already be able to develop basic Python scripts. The benefit of this approach is that more time can be spent in class developing more complex programs that can be used to conduct forensic tasks and automate investigative procedures.

Students will need to be able to understand and communicate in English.

Small list of agenda / topics / main points

  • Utilize fundamental programming concepts such as data types, user interaction, selection, iteration, file read/write operations, etc.
  • Create scripts that can access and analyse SQLite databases
  • Develop complex regular expressions in Python for tasks such as log file parsing
  • Read and write Unicode data for tasks such as using Python to extract text from docx files
  • Use Python to extend the functionality of existing forensic tools
  • Request and download website content and monitor websites for changes
  • Automate the gathering and visualisation of open source information from the Internet