[ds4n6_lib] Overview

To get a general idea of what the ds4n6_lib is and how it can help you, please read this blog post.

• Easy to Use: While the library itself is pretty complex, with some pretty advanced underlying concepts and technologies, one of our main objectives has been to make it simple, so an average Forensicator can use its capabilities even if she doesn't know python. We also want the average forensicator to have an easy transition so they can use the environment in a similar way as traditional tools, while it opens the door to a new world of flexibility and analysis power. That's why:
  • Learning only 10 commands is enough to take advantage of most of the standard features.
  • We've been working hard to integrate GUI components wherever possible (dropdown menus, buttons, excel-like analysis front-ends, etc.)
• Simplicity: the number of commands you need to use is minimal, the library hides a lot of the complexity of the python & DS world. Of course you will need to learn more as you go, but this lowers the bar to start easily and get quick wins.
• Integration: you can import the data from multiple different analysis tools (kape, kansa, etc.).
• Knowledge Enrichment: the library incorporates knowledge information that enriches the output of analysis tools (e.g. for Windows events, it will show the description of the eventID, it will add the corresponding description of the LogonTypes numbers, etc.).
• One platform that rules them all: the forensicator will now be able to use a single environment (Jupyter) to analyse all the output from all the different tools (kansa, kape, plaso, volatility, etc.).
• Limitations: With pandas everything is loaded into memory, so you will be limited to the amount of memory you have. But honestly, in today's world, buying a Laptop with 64GB+ of RAM, or a PC with 256GB is not that expensive and will take you a long way!