This tool analyses PDF files for Forensic Investigations

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0 License)
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags Forensic, PDF, Portable Document Format, ISO 32000, Investigations, Parser, Analysis, Security
  • Requires: Python >=3.8
Classifiers

Project description

PDForensic logo

PDForensic

Description

This package analyses PDF files for Forensic Investigations.

Requirements

This package require :

  • python3
  • python3 Standard Library

Installation

pip install PDForensic

Usages

Command line

python3 -m PDForensic sample.pdf
python3 PDForensic.pyz sample.pdf
PDForensic sample.pdf

PDForensic objstm.pdf --data --hexa 000102
PDForensic objstm.pdf --data --types objstm --no-csv --no-json
PDForensic objstm.pdf --data --logs 20 --regex '[0-9a-f]{32}' --no-csv --no-json
cat blank.pdf | PDForensic - *.pdf ../*.pdf https://www.pdfscripting.com/public/FreeStuff/PDFSamples/TheFlyv3_EN4Rdr.pdf
PDForensic https://www.pdfscripting.com/public/FreeStuff/PDFSamples/TheFlyv3_EN4Rdr.pdf --data --ids 79 83 --ids 84 --strings URI --no-csv --no-json

Python script

from PDForensic import PDForensic

class MyPDFparser(PDForensic):
    def __init__(self):
        super().__init__("objstm.pdf")
    def handle(self, type_: str, data: bytes, typename: str = "") -> None:
        print(type_, data, typename)
parser = MyPDFparser()
parser.parse()
print(parser.report())


class MyPDFparser(PDForensic):
    def __init__(self):
        super().__init__("objstm.pdf", process_data = True, process_tags = False, filter_ = True, strings = ["/Pages"], hexa = ["000102"], regexs = ['[0-9a-f]{32}'], types = ["xref"], ids = [2])
    def handle(self, type_: str, data: bytes, typename: str = "") -> None:
        print(type_, data, typename)
parser = MyPDFparser()
parser.parse()
print(parser.report())

Links

Licence

Licensed under the GPL, version 3.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0 License)
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags Forensic, PDF, Portable Document Format, ISO 32000, Investigations, Parser, Analysis, Security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

This version

0.3.0

0.2.1

0.2.0

0.1.0

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pdforensic-0.3.0.tar.gz (27.4 kB view details)

Uploaded Source

File details

Details for the file pdforensic-0.3.0.tar.gz.

File metadata

  • Download URL: pdforensic-0.3.0.tar.gz
  • Upload date:
  • Size: 27.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.0 CPython/3.11.9

File hashes

Hashes for pdforensic-0.3.0.tar.gz
Algorithm Hash digest
SHA256 8aa159227984a68b23421d0e9eb72e78a1cdca899aa8a966355407058d519edc
MD5 8857169cfd42eed63f6ad56cbf447d65
BLAKE2b-256 44ab49a05e5876176a689f9e88bad536412cae385c444645fd9a008a9ebb626c

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page