DFIR Python Study Group: Class 1


Day 2. I decided to finish reading Chapter 1 before starting the study group.

Chapter 1 continues to teach us about the standard library. The standard library now makes a lot more sense to me, and I am surprised that this has never been explained in any of the classes I have taken. Modules were often included in the code, but where they came from was never taught. One thought that came to mind when learning about modules was how people keep track of them. While writing code, do you search for them? Do some memorize them? Alternatively, is this where all the Stack Overflow jokes come in… copy and paste?

Importing a module must be done before invoking the module. Importing was seen in yesterday’s code, where we imported the datetime module and invoked it by using it in the following line of our code.

What I found helpful in the Class 1 video was how from and import were explained. I had difficulty grasping the difference between the two and why I sometimes needed to use from in addition to import. For example, we can import the module and use dot notation to call out what we need, or import the function itself. Importing will come into play more when we use the sleep function in the time module.

Aside from the remarkable standard library, I also learned about the built-in data structures in Python. Data structures in Python come in many forms. Some of the popular data structures we see are lists and arrays. We can use any data when creating a list or an array. This data can be statements, single words, numbers, or a mix of these. For example, in our code from yesterday, we built a list of odd numbers and assigned it to the variable “odds.”

When we invoked the datetime module, we also invoked a submodule or attribute called today. Parentheses must follow the submodule, and we extracted the minute from today’s date and time.

Let’s move on to our if/else statement. The book explains the importance of indentation. Instead of using curly braces as seen in other languages, Python uses indentation to define blocks, or suites of code, which are introduced by colons.

The last part of our code was explained – if, else and elif. Elif was not used in our code but was described in the book as “neither”.

FOR: “Use ‘for’ when looping a known number of times”

We end the chapter with a few more goals for our code: loop for a number of times, pause the program for a specified number of seconds, and generate a random number between two provided values.

We start by indenting our block and using a for statement which instructs our program to run that block 5 times. 



Next, we import the time module, use the sleep submodule, and tell our code to pause for 5 seconds before running the block. Our results are the same as above, but we had to wait 5 seconds for it to appear.

Our last goal is to generate a random number. We are going to use the module random from the standard library to accomplish this.

AND… my question from earlier was answered… we can use ‘dir’ to query an object. Instead of using Stack Overflow or Google, we can use dir(insert module) and it will display the attributes that can be used with that module. For some reason when I try this, the shell isn’t giving me an error, but it also isn’t displaying any information…

I figured it out. You have to put print in front of it: print(dir(random))

We can also use help to read the Python docs for information on any of the listed attributes. I tried it with choice.


Dir and help are beneficial, but I think Google is faster and more practical.

I compiled everything I learned in Chapter 1. Here is the code:

I decided to add the last line so I could see how many seconds we waited. 
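The post's own code did not survive on this page, so the following is an added example, not the author's code or the book's: one way to combine the Chapter 1 pieces described above (both import styles, the odds list, if/else, a for loop, a random wait with sleep, and dir). The function names, the messages, and the 1 to 5 second range are assumptions made for illustration.

```python
import random                    # whole module: names are reached with dot notation
from datetime import datetime    # "from ... import" pulls one name out of the module
from time import sleep           # so sleep() can be called without the "time." prefix

# Odd minutes of the hour: 1, 3, 5, ... 59 (built here instead of typed by hand).
ODDS = [m for m in range(60) if m % 2 == 1]


def describe_minute(minute):
    """Return the message for one minute value (messages are made up)."""
    if minute in ODDS:
        return "This minute seems a little odd."
    else:
        return "Not an odd minute."


def run_checks(times=5, low=1, high=5, pause=sleep, rng=random):
    """Check the current minute `times` times. After each check, wait a
    random whole number of seconds between low and high (inclusive).
    Returns the list of waits so the caller can report them."""
    waits = []
    for _ in range(times):                      # for: a known number of loops
        minute = datetime.today().minute        # today() needs its parentheses
        print(describe_minute(minute))
        wait = rng.randint(low, high)           # dot notation on the module
        pause(wait)
        waits.append(wait)
    return waits


def public_names(module):
    """dir() returns a list. The interactive shell echoes it, but a script
    shows nothing unless the result is passed to print()."""
    return [name for name in dir(module) if not name.startswith("_")]


if __name__ == "__main__":
    waits = run_checks()
    print("Waited", sum(waits), "seconds in total:", waits)
    print(public_names(random))
```

Passing a different pause function (for example a list's append method) lets the loop run without actually sleeping.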


DFIR Python Study Group: Class 1 

Python Standard Library

Stack Overflow