Interactive Jupyter Notebooks as Friendly Interface for Digital Forensics

This tutorial explores the enhanced capabilities of Jupyter Notebooks as an intuitive and interactive platform for digital forensic analysis. Through step-by-step tasks, you will learn to utilize Jupyter Widgets to create dynamic, customizable interfaces that enhance data visualization, exploration, and manipulation. The tutorial will guide you through setting up an analytical environment, demonstrate real-world examples of forensic workflows in Jupyter Notebooks, and show you how to create an interactive Notebook for data analysis using a realistic scenario.

Workshop slides: DFRWS-Interactive_Jupyter_notebooks.pdf

Requirements

Participants should have a fundamental knowledge of Python programming and be familiar with Jupyter Notebooks, including running code cells and using markdown. Prior experience with digital forensics is not required, as the workshop will introduce relevant concepts.

Technical requirements

During the workshop, you can use our pre-prepared JupyterHub server, which has all the necessary tools installed (we will provide login credentials at the beginning of the workshop). If you prefer to work locally, make sure you have the following tools installed:

To begin the tutorial, please refer to the Preparation → Tutorial section, where you will find instructions for project setup. If you want to set up your own JupyterHub server, you can follow the step-by-step instructions in the Preparation → JupyterHub section.

Note

Please be aware that JupyterLab consumes a lot of computational resources, even though it runs only in a browser. If possible, keep your laptop charged, and occasionally reload the browser tab with JupyterLab to erase the local cache.

About us

We are members of the Data Analytics group within the Cyber Security Team of Masaryk University (CSIRT-MU), where we specialize in processing and analyzing cybersecurity and digital forensics data to gain valuable insights into cybersecurity incidents.

The CSIRT-MU team is responsible for developing and maintaining ICT security at Masaryk University. With sixteen years of experience, the team handles thousands of security incidents yearly, combining operational expertise with a strong focus on innovation. Our research work is driven by the real-world needs of the University's incident handlers and the broader community, covering both user-focused and technical security aspects. This includes areas such as network traffic monitoring, big data storage and analysis, cybersecurity forensics, risk management, and forward-looking topics like predictive cybersecurity and cybersecurity autonomy.

Milan Cermak
(E-mail, LinkedIn)
Daniela Belajova
(LinkedIn)
Rudolf Lukac
(LinkedIn)
Ondrej Machacek

If you're interested in the workshop topic and would like to discuss it further, feel free to reach out to us via e-mail or LinkedIn – we’d be happy to connect and continue the conversation.

Acknowledgement

This work was supported by the SOCCER project, funded under Grant Agreement No. 101128073, with the support of the European Cybersecurity Competence Center (ECCC).