Cipher Tech now offers training specifically developed with the the digital forensic or reverse engineering specialist in mind. In the spirit of “teaching a person to fish”, we are excited to offer our accumulated expertise in these topics to our colleagues in the Defense, Intelligence and Law Enforcement Communities.


Python for Digital Forensic Examiners

In this two day crash course, the skilled forensic examiner and budding programmer will learn to leverage the powerful yet simple Python scripting language in their day-to-day workflow. This class will help examiners:

  • Automate repetitive tasks
  • Ensure reliability and repeatability in tedious activities
  • Learn the fundamentals of clean and maintainable software design
  • Become an effective bridge between the forensic examiners and generic programmers

Students will review the Python syntax and environment, and then put their skills to use by solving a variety of realistic scripting problems that one might expect to encounter in a digital forensics lab. Students will walk away with a set of proto-typical scripts which they can reuse and customize in their day to day work. They will gain the confidence needed to tackle scripting problems on the job and will have the expertise to interface with and generate requirements for any software engineers they may have access to.

The format will be a combination of lecture and hands on exercises, featuring small class sizes (6 – 15) and a high student to instructor ratio (1:5 or better).

Date and Time:

Day 1: Sat, Oct 7, 2017, 8:00 AM – 6:00 PM

Day 2: Sun, Oct 8, 2017, 8:00 AM – 6:00 PM


Cipher Tech will provide light breakfast, lunch and unlimited caffeinated beverages.


Cipher Tech Office, Elkridge, MD

Price: $946.95 (Price reflects the discounted rate we’re running for first run of the course*)

Course Requirements:

  • Students must bring a WiFi enabled laptop.
    • Course will be taught in Windows – students using other platforms will be expected to have proficiency in that platform
    • Course will use Python 3
    • We will walk through environment setup – it is not assumed that the student has done so already
  • Students need not be proficient in, but should be familiar with Python. Completion of an overview course such as the free “Learn Python” class by CodeCademy is adequate.
  • Students should be currently employed as or be an aspiring digital forensic examiner – the sample problems will all be relevant to this discipline.


  1. Module 1: Intro and Review

    1. Lecture & Walkthrough: Python Quick Start
    2. Lecture & Walkthrough: Basic Tools for Working with Python
      1. Python Shell
      2. IDLE
      3. pip package manager
    3. Lecture: Python Syntax and Coding Techniques Review
      1. if, for, def keywords
      2. import and from directives
      3. dot notation
      4. indentation conventions
      5. formatted strings and string concatenation
      6. command line arguments and usage
      7. software development problem solving strategy
      8. useful functions: chrord, ^ (xor)
    4. Codewalk: Simple Encryption Using XOR
    5. Lecture: Discussion of Python Types and Associated Errors
    6. Lecture: Intro to PyCharm IDE
      1. Why?
      2. Major regions: project explorer, breadcrumb, tabbed editor, split/docked panes
      3. Run/debug configurations
      4. Syntax checker, style enforcement, debugger, intellisense
  2. Module 2: Working with Files and Directories Using the Core API

    1. Lecture: Querying the OS  for Information on Directories
      1. Python tuples
      2. Loops: generators / iterators
      3. Functions: os.walk
    2. Lecture: Manipulating Files, Directories, and Extensions
      1. Functions: os.path.join, os.path.split, os.path.splitext
      2. Basic Software Development Theory
    3. Lab 1: Sort Files by Extension
    4. Lecture: More File Properties
      1. Functions: os.path.getctime, os.path.getmtime
    5. Lab 2: Show Files by Time of Modification
    6. Lecture: Basic Software Development Theory
  3. Module 3: File IO

    1. Lecture: File Opening Modes
      1. Read
      2. Write
    2. Lecture: Theory of Interacting with Resources Programmatically
      1. file as an object: read, readline, write, iterable
      2. Iterating over file contents
      3. Exception handling with catch, and handle
      4. Releasing system resources: close
    3. Lecture: Writing to a CSV
      1. csv.writer
      2. csv_writer.writerow
    4. Lecture: More File Modes and Iteration Techniques
      1. text v. binary
      2. Function: read
      3. with syntax
    5. Codewalk: Guessing File Type
      1. Function: bytes.fromhex
      2. Hex string notation
  4. Module 4: Exercises in Advanced Topics

    1. Lecture: Working With Unusual Text Encodings
      1. open function with encoding parameter
      2. Python supported encodings
    2. Exercise 1: Keyword Search
    3. Lecture: Reading from a CSV
      1. Function: csv.reader
    4. Lecture: Working with KML
      1. Parsing XML
      2. Working with KML in Google Earth
    5. Lecture: Working with Timestamps
      1. Functions: datetime.strptime, datetime.isoformat
      2. Object: datetime
    6. Exercise 2: Parsing and Plotting GPS Data

Take Home Course Materials:

Apart from the lecture and in class exercises, the students will walk away with a flash drive including the following materials:

  • Lecture Slides
  • PyCharm workspace for each module above containing step-by-step solutions to all in-class labs and exercises

Our hope is that these materials can be used for reference or reused as templates in the workplace.

Letter of Request

Prospective students may wish to ask their employers to reimburse their tuition.  A convincing letter of request arguing that this training will be a good investment in the effectiveness of the team will go a long way.  Read more letters of request here, and consider downloading a template to you get you started here.

* This is the first time Cipher Tech has run this course! We are very excited to share our accumulated knowledge with our colleagues in the community.  As such, we will be offering this first course at a deep discount.  Students will be encouraged to offer critical feedback so that we can improve our process.  We will be limiting the initial class size to 8 for the inaugural run.