This tool analyses PDF files for Forensic Investigations

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0 License)
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags Forensic , PDF , Portable Document Format , ISO 32000 , Investigations , Parser , Analysis , Security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

PDForensic logo

PDForensic

Description

This package analyses PDF files for Forensic Investigations.

Requirements

This package require :

  • python3
  • python3 Standard Library

Installation

pip install PDForensic

Usages

Command line

python3 -m PDForensic sample.pdf
python3 PDForensic.pyz sample.pdf
PDForensic sample.pdf

PDForensic objstm.pdf --data --hexa 000102
PDForensic objstm.pdf --data --types objstm --no-csv --no-json
PDForensic objstm.pdf --data --logs 20 --regex '[0-9a-f]{32}' --no-csv --no-json
cat blank.pdf | PDForensic - *.pdf ../*.pdf https://www.pdfscripting.com/public/FreeStuff/PDFSamples/TheFlyv3_EN4Rdr.pdf
PDForensic https://www.pdfscripting.com/public/FreeStuff/PDFSamples/TheFlyv3_EN4Rdr.pdf --data --ids 79 83 --ids 84 --strings URI --no-csv --no-json

Python script

from PDForensic import PDForensic

class MyPDFparser(PDForensic):
    def __init__(self):
        super().__init__("objstm.pdf")
    def handle(self, type_: str, data: bytes, typename: str = "") -> None:
        print(type_, data, typename)
parser = MyPDFparser()
parser.parse()
print(parser.report())


class MyPDFparser(PDForensic):
    def __init__(self):
        super().__init__("objstm.pdf", process_data = True, process_tags = False, filter_ = True, strings = ["/Pages"], hexa = ["000102"], regexs = ['[0-9a-f]{32}'], types = ["xref"], ids = [2])
    def handle(self, type_: str, data: bytes, typename: str = "") -> None:
        print(type_, data, typename)
parser = MyPDFparser()
parser.parse()
print(parser.report())

Links

Licence

Licensed under the GPL, version 3.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0 License)
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags Forensic , PDF , Portable Document Format , ISO 32000 , Investigations , Parser , Analysis , Security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.3.1

0.3.0

0.2.1

This version

0.2.0

0.1.0

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

PDForensic-0.2.0.tar.gz (27.0 kB view details)

Uploaded Source

File details

Details for the file PDForensic-0.2.0.tar.gz.

File metadata

  • Download URL: PDForensic-0.2.0.tar.gz
  • Upload date:
  • Size: 27.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.2

File hashes

Hashes for PDForensic-0.2.0.tar.gz
Algorithm Hash digest
SHA256 226c82502bc73e2c9009c2f99ca967f57232baf54495f15f2b15fbf7aa8a20aa
MD5 f04f0dd4b84c95ceef55ffd57644ab1d
BLAKE2b-256 bbad7fb44841c802850d7706b54d501c3faa4ee395992300d2d409621c7b3e70

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page