This tool analyses PDF files for Forensic Investigations

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0 License)
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags Forensic , PDF , Portable Document Format , ISO 32000 , Investigations , Parser , Analysis , Security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

PDForensic logo

PDForensic

Description

This package analyses PDF files for Forensic Investigations.

Requirements

This package require :

  • python3
  • python3 Standard Library

Installation

pip install PDForensic

Usages

Command line

python3 -m PDForensic sample.pdf
python3 PDForensic.pyz sample.pdf
PDForensic sample.pdf

PDForensic objstm.pdf --data --hexa 000102
PDForensic objstm.pdf --data --types objstm --no-csv --no-json
PDForensic objstm.pdf --data --logs 20 --regex '[0-9a-f]{32}' --no-csv --no-json
cat blank.pdf | PDForensic - *.pdf ../*.pdf https://www.pdfscripting.com/public/FreeStuff/PDFSamples/TheFlyv3_EN4Rdr.pdf
PDForensic https://www.pdfscripting.com/public/FreeStuff/PDFSamples/TheFlyv3_EN4Rdr.pdf --data --ids 79 83 --ids 84 --strings URI --no-csv --no-json

Python script

from PDForensic import PDForensic

class MyPDFparser(PDForensic):
    def __init__(self):
        super().__init__("objstm.pdf")
    def handle(self, type_: str, data: bytes, typename: str = "") -> None:
        print(type_, data, typename)
parser = MyPDFparser()
parser.parse()
print(parser.report())


class MyPDFparser(PDForensic):
    def __init__(self):
        super().__init__("objstm.pdf", process_data = True, process_tags = False, filter_ = True, strings = ["/Pages"], hexa = ["000102"], regexs = ['[0-9a-f]{32}'], types = ["xref"], ids = [2])
    def handle(self, type_: str, data: bytes, typename: str = "") -> None:
        print(type_, data, typename)
parser = MyPDFparser()
parser.parse()
print(parser.report())

Links

Licence

Licensed under the GPL, version 3.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0 License)
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags Forensic , PDF , Portable Document Format , ISO 32000 , Investigations , Parser , Analysis , Security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.3.1

0.3.0

This version

0.2.1

0.2.0

0.1.0

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

PDForensic-0.2.1.tar.gz (27.1 kB view details)

Uploaded Source

File details

Details for the file PDForensic-0.2.1.tar.gz.

File metadata

  • Download URL: PDForensic-0.2.1.tar.gz
  • Upload date:
  • Size: 27.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.7

File hashes

Hashes for PDForensic-0.2.1.tar.gz
Algorithm Hash digest
SHA256 7d07ade1fdb5e18b4135f8108595e926d2715a91bc5b5338a7b8c27906690bb8
MD5 83b0ffa512be3b348601abd24b50db8d
BLAKE2b-256 d0c534fd33a886bed1ca0dc44d6ae8f58578e8e4da8cea31702299e7dffd5fa7

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page