This repository contains each project submission for my Python Forensics Course (DFCA 772) at George Mason University. I was a student in DFCA 772 in the spring of 2019.

The projects start out as very introductory to Python, but increase in difficulty/complexity as more projects are introduced.

• HW1 - Basic Introduction to Python Concepts
• HW2 - Simple Binary and Text Searching
• HW3 - User Interaction Through three games: Math Expressions, Hex Conversions, Binary Conversions
• HW4 - Creating Unit Tests for HW2 Functions
• HW5 - Creating a parser for the Windows "setupapi.app.log" file
• HW6 - Reading and parsing PCAP files to extract the data portion of ICMP packets
• HW7 - E_THREAD and E_PROCESS block extraction from a Windows memory image
• HW8 - Retrieval of JPGs from a user provided URL, and checking for appended data
• HW9 - Parsing a PCAP file for unique IP and MAC addresses, which are saved to an sqlite3 database
• HW10 - File type detection between a bmp, txt, a specific keylog, a specific process monitoring log, and a screenshot
• HW11 - Introduction to creating Autopsy and Volatility v2 modules
• Final Project - Creation of an autopsy or volatility v2 module that is a new forensic capability, extends an existing capability, or a replication.

This software code and other works are my property and are a representation of the coursework that I completed during studies at George Mason University. This repository is for historical and educational purposes only. This software, and its dependencies, are distributed free of charge and licensed under the GNU General Public License v3. For more information about this license and the terms of use of this software, please review the LICENSE.txt file.