This tool analyses PDF files for Forensic Investigations

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0 License)
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags Forensic , PDF , Portable Document Format , ISO 32000 , Investigations , Parser , Analysis , Security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

PDForensic logo

PDForensic

Description

This package analyses PDF files for Forensic Investigations.

Requirements

This package require :

  • python3
  • python3 Standard Library

Installation

pip install PDForensic

Usages

Command line

python3 -m PDForensic sample.pdf
python3 PDForensic.pyz sample.pdf
PDForensic sample.pdf

PDForensic objstm.pdf --data --hexa 000102
PDForensic objstm.pdf --data --types objstm --no-csv --no-json
PDForensic objstm.pdf --data --logs 20 --regex '[0-9a-f]{32}' --no-csv --no-json
cat blank.pdf | PDForensic - *.pdf ../*.pdf https://www.pdfscripting.com/public/FreeStuff/PDFSamples/TheFlyv3_EN4Rdr.pdf
PDForensic https://www.pdfscripting.com/public/FreeStuff/PDFSamples/TheFlyv3_EN4Rdr.pdf --data --ids 79 83 --ids 84 --strings URI --no-csv --no-json

Python script

from PDForensic import PDForensic

class MyPDFparser(PDForensic):
    def __init__(self):
        super().__init__("objstm.pdf")
    def handle(self, type_: str, data: bytes, typename: str = "") -> None:
        print(type_, data, typename)
parser = MyPDFparser()
parser.parse()
print(parser.report())


class MyPDFparser(PDForensic):
    def __init__(self):
        super().__init__("objstm.pdf", process_data = True, process_tags = False, filter_ = True, strings = ["/Pages"], hexa = ["000102"], regexs = ['[0-9a-f]{32}'], types = ["xref"], ids = [2])
    def handle(self, type_: str, data: bytes, typename: str = "") -> None:
        print(type_, data, typename)
parser = MyPDFparser()
parser.parse()
print(parser.report())

Links

Licence

Licensed under the GPL, version 3.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0 License)
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags Forensic , PDF , Portable Document Format , ISO 32000 , Investigations , Parser , Analysis , Security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

This version

0.3.1

0.3.0

0.2.1

0.2.0

0.1.0

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pdforensic-0.3.1.tar.gz (27.4 kB view details)

Uploaded Source

File details

Details for the file pdforensic-0.3.1.tar.gz.

File metadata

  • Download URL: pdforensic-0.3.1.tar.gz
  • Upload date:
  • Size: 27.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.0 CPython/3.13.2

File hashes

Hashes for pdforensic-0.3.1.tar.gz
Algorithm Hash digest
SHA256 19e59817357e5b33be506702e214a291ed904e84fbd4b2e4532525745609ef97
MD5 55f70c3fd9ad033ce1172cc089444ff5
BLAKE2b-256 d5c17ec6829d385a19c8ac0e3121a60cf648b2d4708f237547856a95724efeec

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page