This tool analyses PDF files for Forensic Investigations

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0 License)
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags Forensic , PDF , Portable Document Format , ISO 32000 , Investigations , Parser , Analysis , Security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

PDForensic logo

PDForensic

Description

This package analyses PDF files for Forensic Investigations.

Requirements

This package require :

  • python3
  • python3 Standard Library

Installation

pip install PDForensic

Usages

Command line

python3 -m PDForensic sample.pdf
python3 PDForensic.pyz sample.pdf
PDForensic sample.pdf

PDForensic objstm.pdf --data --hexa 000102
PDForensic objstm.pdf --data --types objstm --no-csv --no-json
PDForensic objstm.pdf --data --logs 20 --regex '[0-9a-f]{32}' --no-csv --no-json
cat blank.pdf | PDForensic - *.pdf ../*.pdf https://www.pdfscripting.com/public/FreeStuff/PDFSamples/TheFlyv3_EN4Rdr.pdf
PDForensic https://www.pdfscripting.com/public/FreeStuff/PDFSamples/TheFlyv3_EN4Rdr.pdf --data --ids 79 83 --ids 84 --strings URI --no-csv --no-json

Python script

from PDForensic import PDForensic

class MyPDFparser(PDForensic):
    def __init__(self):
        super().__init__("objstm.pdf")
    def handle(self, type_: str, data: bytes, typename: str = "") -> None:
        print(type_, data, typename)
parser = MyPDFparser()
parser.parse()
print(parser.report())


class MyPDFparser(PDForensic):
    def __init__(self):
        super().__init__("objstm.pdf", process_data = True, process_tags = False, filter_ = True, strings = ["/Pages"], hexa = ["000102"], regexs = ['[0-9a-f]{32}'], types = ["xref"], ids = [2])
    def handle(self, type_: str, data: bytes, typename: str = "") -> None:
        print(type_, data, typename)
parser = MyPDFparser()
parser.parse()
print(parser.report())

Links

Licence

Licensed under the GPL, version 3.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0 License)
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags Forensic , PDF , Portable Document Format , ISO 32000 , Investigations , Parser , Analysis , Security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.3.1

0.3.0

0.2.1

0.2.0

0.1.0

This version

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

PDForensic-0.0.2.tar.gz (23.6 kB view details)

Uploaded Source

File details

Details for the file PDForensic-0.0.2.tar.gz.

File metadata

  • Download URL: PDForensic-0.0.2.tar.gz
  • Upload date:
  • Size: 23.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.1

File hashes

Hashes for PDForensic-0.0.2.tar.gz
Algorithm Hash digest
SHA256 afdc8a3c2b326aadb01b0ee78194586eab8022ab0c3a11ce2f86c7e2cb8e1efc
MD5 561753f56773ee078f95f6a7ad10dbf0
BLAKE2b-256 33c7a71cd04cd74797668feddcf617898c3d6325c9844d035ac1609608b294d5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page