DFOR510 Week02 PythonIntro

This document discusses Python basics and libraries useful for digital forensics. It covers Python data types like lists, tuples, and dictionaries. It also discusses conditional statements like loops and if/else clauses, as well as Python functions. The document provides examples of Python code.

Uploaded by

DA MV

George Mason University

Week 02: Python Introduction


▪ Presentation Topics

▪ Week02 – Python Introduction

▪ Coding Bat and Assignment 1

PRESENTATIONS 1 (PR1)
▪ Topics were assigned via BB – so check your grade AND my comments
▪ Grade of 0? Read my comments and email me ASAP
▪ Grade of 0 and no comments? Did you submit topics?
▪ ALL Final Presentations are due on the same date regardless of when you present (check syllabus for exact date)
▪ Order of presentations will be given on the due date
▪ Some presentation topics may appear on a quiz or exam, so pay attention to your classmates!

❑ Python Basics
❑ Know where to find Python resources
❑ When and when NOT to use Python in DFOR
❑ Understand the Programming Development Cycle
❑ Identify key libraries for DFOR
❑ Python data types: lists, tuples, dictionaries
❑ Understand working with conditional statements: Loops & If/Else clauses
❑ Python methods/functions

Back to Basics…
▪ Guido van Rossum – creator
▪ Object-oriented, Interpreted scripting language
▪ Interactive development
▪ Lots of pre-developed standard libraries
▪ Portable
▪ Easy to learn and read

https://en.wikipedia.org/wiki/Python_(programming_language)
▪ www.python.org – official Python site
▪ https://www.codecademy.com/ - (free) online tutorials
▪ https://www.coursera.org – online (not always free) courses
▪ https://www.udemy.com/ – online (not always free) courses
▪ https://codingbat.com/python - online exercises (free!)
▪ https://www.python.org/dev/peps/pep-0008/ - community Python practices

https://www.python.org/

https://www.jetbrains.com/pycharm/

https://www.anaconda.com/

https://www.pydev.org/index.html

https://wingware.com/

Windows Command Prompt and macOS Terminal

https://www.vim.org

https://notepad-plus-plus.org/

https://atom.io/

Windows PowerShell

▪ Recovering deleted/corrupt files
▪ Repetitive tasks (e.g. file hashing, searches, etc.)
▪ Comparing partial and full artifacts
▪ Extracting metadata
▪ …And much more

https://www.python.org/
Use Python:
▪ Triage
▪ Repetitive tasks
▪ General case analysis
▪ Quick/simple prototype

NOT use Python:
▪ A preexisting tool is available
▪ Use a preexisting tool

[Figure: development cycle diagram, stages numbered 1 to 5]
P. Miller, C. Bryce, Learning Python for Forensics, Packt Publishing, May 2016
▪ Indentation!
▪ Four (4) spaces
▪ <Tab>
What does PEP 8 say to use???

▪ Case Sensitive
▪ var1 ≠ vAr1

▪ 0 indexed language
Indices 0 1 2 ?
C F R S 5 1 0
len(gth) = 8

▪ Unknown object? Use:
▪ type(object)
▪ help(object)
▪ dir(object)

https://docs.python.org/3/reference/lexical_analysis.html
QUICK CHECK 1
1. This style guide is used for Python best practices.
2. Name a reason to:
a. Use Python in DFOR?
b. NOT use Python in DFOR?
3. What does the ‘Plan’ stage of the development cycle consist of?
4. In Python, a variable named ‘hw1’ is the same as variable ‘hW1’?
5. Given the string: “Say Hash!”, what is the index value of the ‘H’?
6. T or F. In your Python scripts, it is OK to use “global” as a variable name?

| Library | Description |
|---|---|
| os | allows user to get OS information → easy OS portability |
| sys | Functions for interacting with Interpreter |
| time | time-related functions handled in UNIX format (e.g. epoch time) |
| datetime | date/times functions for simple and verbose display |
| hashlib | cryptographic hash functions |
| platform | used to collect system information (e.g. OS, processor, etc.) |

| Data Type | Symbol | Im/Mutable | Description |
|---|---|---|---|
| Boolean | False, True | Immutable | Conditioning statement; can be represented as 0 or 1 for False and True, respectively. |
| File | file | Mutable | Object that allows for reading, writing, and appending to files |
| Mapping | dict | Mutable | An unordered list of (key, value) pairs. |
| Numbers | float | Immutable | Floating point numbers |
| Numbers | int | Immutable | Whole numbers; infinite length |
| Sequence | byte | Immutable | A sequence of integers from 0 to 255 (Unicode in Python 2.x) |
| Sequence | bytearray | Mutable | Like a byte object, but mutable |
| Sequence | list | Mutable | 1, 2, or + dimensional array of characters or words |
| Sequence | str | Immutable | A sequence of characters |
| Sequence | tuple | Immutable | 1-dimensional unchangeable, ordered list |
| Set | frozenset | Immutable | An unchangeable set |
| Set | set | Mutable | Unordered collection of unique objects |

▪ Ordered mutable sequence type
▪ available methods?

▪ Creating lists:

▪ Reading elements in a list

▪ Ordered, immutable sequences;
▪ available methods?

▪ Adding elements to a tuple

▪ Similar to list, we access elements in a tuple by

▪ Unordered mutable sequence type – (key, value) pairs
▪ methods?
▪ Adding items to a dictionary:

▪ Accessing data from a dictionary:

| Operation | Symbol | Description |
|---|---|---|
| Add | + | 1. Mathematical operand to add numbers; 2. Combine same-type data. |
| Subtract | - | Mathematical operand to subtract numbers |
| Divide | / | Division operator |
| Multiply | * | 1. Multiplication operator for numbers; 2. String repetition operator |
| Exponent | ** | Power (exponent) operator |
| Modulus | % | Returns the remainder of the divided numbers |
| Assignment | = | Assignment operator: var1 = ‘hello’ |
| Equality | == | Checks if objects are of equal value |
| Inequality | != or <> | Checks if items are not equal |
| Greater than | > | Returns true if value on left side is greater than the value on the right |
| Lesser than | < | Returns true if value on left side is lesser than the value on the right |

▪ Casting the variable as the desired data type. For instance:

▪ However, we want the integer value

▪ What does type(thisString) return now?

▪ Note: not all conversions are valid

▪ Common conversion methods

| Method | Description |
|---|---|
| str(), int(), float(), list(), set(), tuple(), dict() | Basic class constructs |
| bin(), hex(), oct() | Converts an integer to binary (bin), base 16 (hex) or base 8 (oct) notation |
| chr() | Converts an integer to ASCII |
| ord() | Converts a character to its ASCII representation |
| bytes(object, encoding) | Converts object into bytes |

QUICK CHECK 2
1. Declare an empty:
a. List
b. Tuple
c. Dictionary

2. Given varQuick2b = [“Python”, “is”, “Fun!”, “and”, “easy”] what is the command to print “is, Fun!”?
3. What is the command to print all of the keys in a dictionary?
4. Given varQuick2d = 510, how do we print this variable as a string?

Loops & If/Else Clauses


For loops:
▪ Executes for a finite number of iterations
Samples:

While loops:
▪ Runs as long as the condition is true
▪ Potential issues?
Samples:

If statements Else-if statement

▪ Reusable blocks of code

▪ Can take in input and return an output… or not

▪ Initiated by using def, followed by the function name and any input parameters

▪ If returning a value, ends with ‘return <variable>’
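
An added example (not from the original slides) that combines the libraries and data types listed above for the file-hashing task the deck names as a typical repetitive job: a function hashes each file once with MD5 and SHA-1, a loop builds a list of dict records, and a dict groups files with identical content. The function names and the three sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def hash_file(path, algorithms=("md5", "sha1"), chunk=65536):
    """Return {algorithm: hex digest}, reading the file once in fixed-size blocks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as handle:          # binary mode: hash raw bytes
        while True:
            block = handle.read(chunk)
            if not block:                     # empty read means end of file
                break
            for hasher in hashers.values():
                hasher.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def inventory(root):
    """Walk root; return a list of per-file dict records sorted by relative path."""
    records = []
    for folder, _subdirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            info = os.stat(path)
            # st_mtime is epoch seconds; record it as an explicit UTC timestamp
            mtime = datetime.fromtimestamp(info.st_mtime, timezone.utc).isoformat()
            record = {"path": os.path.relpath(path, root), "size": info.st_size,
                      "modified_utc": mtime}
            record.update(hash_file(path))    # adds the "md5" and "sha1" keys
            records.append(record)
    return sorted(records, key=lambda rec: rec["path"])

def find_duplicates(records):
    """Group paths by SHA-1 and keep only digests shared by more than one file."""
    by_hash = {}
    for rec in records:
        by_hash.setdefault(rec["sha1"], []).append(rec["path"])
    return {digest: paths for digest, paths in by_hash.items() if len(paths) > 1}

def demo():
    """Constructed sample tree: three files, two with identical content."""
    samples = {"note.txt": b"CFRS 510", "copy.txt": b"CFRS 510", "other.bin": b"\x00\x01"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as out:
                out.write(data)
        records = inventory(tmp)
    return records, find_duplicates(records)

if __name__ == "__main__":
    for rec in demo()[0]:
        print(rec)
```

Each MD5 value in the records is 32 hex characters and each SHA-1 value is 40, whatever the size of the file.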

QUICK CHECK 3
1. If not handled properly, this conditional statement can result in an infinite loop!
2. T or F. Function blocks can only be used from within the local script (e.g. the program file it is written in).
3. A function is declared with what reserved word?
4. T or F. A function must take input and return an output.

▪ Due Thursday, 16-September-2021 @ 7pm (EST)

▪ Complete String-1 and List-1 exercises

▪ Be sure you give me (bdougla4@gmu.edu) permission before the due date
▪ Login to Coding Bat (https://codingbat.com/python)
▪ Click “prefs” → Enter my address in the “Teacher Share” section → Click “Share”

HW1 – IMAGING & SANITIZING
▪ Due in 2 weeks
▪ Write-up should include:
▪ Executive Summary (1 – 2 concise and descriptive paragraphs)
▪ Environment Setup (e.g. tools and versions used)
▪ Note any issues
▪ Snapshots
▪ Create forensic report within your analysis tool (e.g. FTK, Autopsy, etc.)

▪ Submit on BB:
▪ Write up (.pdf, .doc, etc) – do not ZIP file

▪ Hard drives, File Systems, Operating System artifacts (Windows)

▪ Please install:
▪ Image analysis tool (you have to do this for HW1)
▪ FTK, Sleuthkit Autopsy, OSForensics (whatever you prefer)
▪ Prefetch File Analyzer (e.g. WinPreFetchView) – only works on Windows OSs.
▪ Registry View (e.g. Access Data Registry Viewer)
▪ If on MacOS – you may want to install a Virtual Machine
▪ Download VMWare Workstation Pro for free here

Python Resources
1. www.python.org – official Python site
2. https://www.codecademy.com/ - free online tutorials
3. http://www.coursera.org – online (not always free) courses
4. https://codingbat.com/python - online exercises (free!)
5. https://www.python.org/dev/peps/pep-0008/ - community Python practices

Data Types, Operators


6. https://www.geeksforgeeks.org/byte-objects-vs-string-python/
7. https://www.tutorialspoint.com/python/python_basic_operators.htm

Character Encoding
8. https://www.joelonsoftware.com/2003/10/08/the-absolute-minimum-every-software-developer-absolutely-positively-must-know-about-unicode-and-character-sets-no-excuses/
9. http://tutorials.jenkov.com/unicode/utf-8.html
10. https://www.rapidtables.com/web/html/html-codes.html
11. http://www.unicode.org/charts/ (Unicode Charts)
12. https://www.youtube.com/watch?v=-n2nlPHEMG8&feature=youtu.be (Unicode)

BITS & CHARACTERS
▪ Every character (e.g. “C”) is represented by a code point (numerical value)
▪ Depending on encoding scheme, characters can be stored using 1 or more bytes.
▪ ASCII: 8-bit representation (1 byte representation)
▪ Unicode Transformation Format (UTF):
▪ UTF–8: 8 bit code encoding scheme – uses 1, 2, 3, or 4 bytes per character
▪ UTF-16: 16 bit code unit representation – uses 2, 3, or 4 bytes per character

Remember: 1 byte = 8 bits


BITS & CHARACTERS
“C” Represented as:

| Encoding | Dec | Hex | Binary |
|---|---|---|---|
| ASCII | 67 | 0x43 | 0100 0011 |
| UTF-16 | 67 | 0x00 43 | 0000 0000 0100 0011 |
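
An added example, not part of the original slides, showing why the encoding matters when searching raw data: the same keyword has a different byte pattern in each encoding. The slide's 0x00 43 is the big-endian form of UTF-16, while little-endian UTF-16 (the byte order Windows uses) stores the same character as 43 00. The function names and the sample buffer are constructed for illustration.

```python
ENCODINGS = ("ascii", "utf-8", "utf-16-le", "utf-16-be")


def encoded_forms(keyword, encodings=ENCODINGS):
    """Map each distinct byte pattern of keyword to the encodings producing it."""
    forms = {}
    for enc in encodings:
        try:
            pattern = keyword.encode(enc)
        except UnicodeEncodeError:   # e.g. non-ASCII text has no ASCII form
            continue
        forms.setdefault(pattern, []).append(enc)
    return forms


def search(buffer, keyword):
    """Return sorted (offset, encodings, hex bytes) tuples for each hit in buffer."""
    hits = []
    for pattern, encs in encoded_forms(keyword).items():
        start = buffer.find(pattern)
        while start != -1:
            hits.append((start, "/".join(encs), pattern.hex(" ")))
            start = buffer.find(pattern, start + 1)   # keep scanning past this hit
    return sorted(hits)


# Constructed sample standing in for raw disk data: the keyword stored three ways,
# separated by filler bytes.
SAMPLE = (b"\x00" * 4 + "CFRS".encode("ascii") + b"\xff" * 3
          + "CFRS".encode("utf-16-le") + b"\xff" * 2
          + "CFRS".encode("utf-16-be"))

if __name__ == "__main__":
    for form, encs in encoded_forms("C").items():
        print(f"'C' as {'/'.join(encs):12} -> {form.hex(' ')}")
    for offset, encs, hexbytes in search(SAMPLE, "CFRS"):
        print(f"offset {offset:2}: {encs:12} {hexbytes}")
```

A search that only tries the ASCII pattern finds the first of the three occurrences in the sample and misses both UTF-16 copies.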

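| Decimal (base 10) | Binary (base 2) | Octal (base 8) | Hexadecimal (base 16) |
|---|---|---|---|
| 0 | 0000 | 000 | 0 |
| 1 | 0001 | 001 | 1 |
| 2 | 0010 | 002 | 2 |
| 3 | 0011 | 003 | 3 |
| 4 | 0100 | 004 | 4 |
| 5 | 0101 | 005 | 5 |
| 6 | 0110 | 006 | 6 |
| 7 | 0111 | 007 | 7 |
| 8 | 1000 | 010 | 8 |
| 9 | 1001 | 011 | 9 |
| 10 | 1010 | 012 | A |
| 11 | 1011 | 013 | B |
| 12 | 1100 | 014 | C |
| 13 | 1101 | 015 | D |
| 14 | 1110 | 016 | E |
| 15 | 1111 | 017 | F |
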
▪ MD5 – 128 bit output which also translates to 32 character output (hexadecimal characters that is!)
▪ SHA-1 – 160 bit hash which is a 40 character output

Example – CFRS510 hash is 16 bit output → 4 hex character output

Visual Proof:
16 bit output: 1011 0001 0011 1101
Hex representation: B 1 3 D
4 hexadecimal characters!

Mathematical Proof:
16 bit (output) / (4 bit / 1 hex char) = 4 hex char

Again reminder: 1 byte = 8 bits AND 4 bits represent a Hex character
