Mastering Python forensics : master the

art of digital forensics and analysis with

Python First Published October 2015
Edition Uhrmann
Visit to download the full and correct content document:
https://textbookfull.com/product/mastering-python-forensics-master-the-art-of-digital-f
orensics-and-analysis-with-python-first-published-october-2015-edition-uhrmann/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Python Digital Forensics Cookbook Effective Python

recipes for digital investigations 1st Edition Preston
Miller

https://textbookfull.com/product/python-digital-forensics-
cookbook-effective-python-recipes-for-digital-investigations-1st-
edition-preston-miller/

FOR500 1 Windows Digital Forensics and Advanced Data

Triage FOR500 2 Core Windows Forensics Part 1 Windows
Registry Forensics and Analysis Sans Institute

https://textbookfull.com/product/for500-1-windows-digital-
forensics-and-advanced-data-triage-for500-2-core-windows-
forensics-part-1-windows-registry-forensics-and-analysis-sans-
institute/

Digital Forensics with Kali Linux Enhance your

investigation skills by performing network and memory
forensics with Kali Linux 3rd Edition Parasram

https://textbookfull.com/product/digital-forensics-with-kali-
linux-enhance-your-investigation-skills-by-performing-network-
and-memory-forensics-with-kali-linux-3rd-edition-parasram/

Digital Forensics 1st Edition André Årnes (Editor)

https://textbookfull.com/product/digital-forensics-1st-edition-
andre-arnes-editor/
Practical Mobile Forensics A hands on guide to
mastering mobile forensics for the iOS Android and the
Windows Phone platforms 3rd Edition Rohit Tamma

https://textbookfull.com/product/practical-mobile-forensics-a-
hands-on-guide-to-mastering-mobile-forensics-for-the-ios-android-
and-the-windows-phone-platforms-3rd-edition-rohit-tamma/

Mastering Large Datasets with Python Parallelize and

Distribute Your Python Code 1st Edition John T Wolohan

https://textbookfull.com/product/mastering-large-datasets-with-
python-parallelize-and-distribute-your-python-code-1st-edition-
john-t-wolohan/

Cybercrime and Digital Forensics An Introduction Thomas

J. Holt

https://textbookfull.com/product/cybercrime-and-digital-
forensics-an-introduction-thomas-j-holt/

Mastering Time Series Analysis and Forecasting with

Python Bridging Theory and Practice Through Insights
Techniques and Tools for Effective Time Series Analysis
in Python 1st Edition Sulekha Aloorravi
https://textbookfull.com/product/mastering-time-series-analysis-
and-forecasting-with-python-bridging-theory-and-practice-through-
insights-techniques-and-tools-for-effective-time-series-analysis-
in-python-1st-edition-sulekha-aloorravi/

A Python Data Analyst’s Toolkit: Learn Python and

Python-based Libraries with Applications in Data
Analysis and Statistics Gayathri Rajagopalan

https://textbookfull.com/product/a-python-data-analysts-toolkit-
learn-python-and-python-based-libraries-with-applications-in-
data-analysis-and-statistics-gayathri-rajagopalan/
Table of Contents
Mastering Python Forensics
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Setting Up the Lab and Introduction to Python ctypes
Setting up the Lab
Ubuntu
Python virtual environment (virtualenv)
Introduction to Python ctypes
Working with Dynamic Link Libraries
C data types
Defining Unions and Structures
Summary
2. Forensic Algorithms
Algorithms
MD5
SHA256
 SSDEEP
Supporting the chain of custody
Creating hash sums of full disk images
Creating hash sums of directory trees
Real-world scenarios
Mobile Malware
NSRLquery
Downloading and installing nsrlsvr
Writing a client for nsrlsvr in Python
Summary
3. Using Python for Windows and Linux Forensics
Analyzing the Windows Event Log
The Windows Event Log
Interesting Events
Parsing the Event Log for IOC
The python-evtx parser
The plaso and log2timeline tools
Analyzing the Windows Registry
Windows Registry Structure
Parsing the Registry for IOC
Connected USB Devices
User histories
Startup programs
System Information
Shim Cache Parser
Implementing Linux specific checks
Checking the integrity of local user credentials
Analyzing file meta information
Understanding inode
Reading basic file metadata with Python
Evaluating POSIX ACLs with Python
Reading file capabilities with Python
Clustering file information
Creating histograms
Advanced histogram techniques
Summary
4. Using Python for Network Forensics
Using Dshell during an investigation
Using Scapy during an investigation
Summary
5. Using Python for Virtualization Forensics
Considering virtualization as a new attack surface
Virtualization as an additional layer of abstraction
Creation of rogue machines
Cloning of systems
Searching for misuse of virtual resources
Detecting rogue network interfaces
Detecting direct hardware access
Using virtualization as a source of evidence
Creating forensic copies of RAM content
Using snapshots as disk images
Capturing network traffic
Summary
6. Using Python for Mobile Forensics
The investigative model for smartphones
Android
Manual Examination
Automated Examination with the help of ADEL
Idea behind the system
Implementation and system workflow
Working with ADEL
Movement profiles
Apple iOS
Getting the Keychain from a jailbroken iDevice
Manual Examination with libimobiledevice
Summary
7. Using Python for Memory Forensics
Understanding Volatility basics
Using Volatility on Android
LiME and the recovery image
Volatility for Android
Reconstructing data for Android
 Call history
Keyboard cache
Using Volatility on Linux
Memory acquisition
Volatility for Linux
Reconstructing data for Linux
Analyzing processes and modules
Analyzing networking information
Malware hunting with the help of YARA
Summary
Where to go from here
Index
Mastering Python Forensics
Mastering Python Forensics
Copyright © 2015 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored

in a retrieval system, or transmitted in any form or by any means,
without the prior written permission of the publisher, except in the
case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure
the accuracy of the information presented. However, the information
contained in this book is sold without warranty, either express or
implied. Neither the authors, nor Packt Publishing, and its dealers
and distributors will be held liable for any damages caused or
alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information

about all of the companies and products mentioned in this book by
the appropriate use of capitals. However, Packt Publishing cannot
guarantee the accuracy of this information.

First published: October 2015

Production reference: 1261015

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-78398-804-4

www.packtpub.com
Credits
Authors

Dr. Michael Spreitzenbarth

Dr. Johann Uhrmann

Reviewers

Richard Marsden

Puneet Narula

Yves Vandermeer

Commissioning Editor

Kartikey Pandey

Acquisition Editor

Sonali Vernekar

Content Development Editor

Shweta Pant

Technical Editor

Pranil Pathare

Copy Editor

Vibha Shukla

Project Coordinator
Shipra Chawhan

Proofreader

Safis Editing

Indexer

Mariammal Chettiyar

Production Coordinator

Arvindkumar Gupta

Cover Work

Arvindkumar Gupta
About the Authors
Dr. Michael Spreitzenbarth holds a degree of doctor of
engineering in IT security from the University of Erlangen-
Nuremberg and is a CISSP as well as a GMOB. He has been an IT
security consultant at a worldwide operating CERT for more than
three years and has worked as a freelancer in the field of mobile
phone forensics, malware analysis, and IT security consultancy for
more than six years. Since the last four years, he has been giving
talks and lectures in the fields of forensics and mobile security at
various universities and in the private sector.

I would like to thank everyone who has encouraged me while

writing this book, especially my wife for her great support. I
would also like to thank all the authors of the used open source
tools— without your help, this book wouldn't have been possible.

Dr. Johann Uhrmann holds a degree in computer science from the

University of Applied Sciences Landshut and a doctor of engineering
from the University of the German Federal Armed Forces. He has
more than ten years of experience in software development, which
includes working for start-ups, institutional research, and corporate
environment. Johann has several years of experience in incident
handling and IT governance, focusing on Linux and Cloud
environments.

First of all, I would like to thank my wife, Daniela, for her moral
support and willingness to give up on some family time while I
was writing. I also would like to thank my coauthor and
colleague, Dr. Michael Spreitzenbarth, for talking me into writing
this book and handling a great deal of the organizational
overhead of such a project. Furthermore, the great people
working on all the open source software projects that we used
and mentioned in this book deserve credit. You are the guys who
keep the IT world spinning.
About the Reviewers
Richard Marsden has over twenty years of professional experience
in software development. After starting in the fields of geophysics
and oil exploration, he has spent the last twelve years running the
Winwaed Software Technology LLC, an independent software vendor.
Winwaed specializes in geospatial tools and applications, which
include web applications, and operates the http://www.mapping-
tools.com website for tools and add-ins for geospatial products, such
as Caliper's Maptitude and Microsoft's MapPoint.

Richard was also a technical reviewer for Python Geospatial

Development, and Python Geospatial Analysis Essentials, both
written by Erik Westra, Packt Publishing.

Puneet Narula is currently working as PPC Data Analyst with

Hostelworld.com Ltd (http://www.hostelworld.com/), Dublin, Ireland,
where he analyzes massive clickstream data from direct and affiliate
sources and provides insight to the digital marketing team. He uses
RapidMiner, R, and Python for the exploratory and predictive
analysis. His areas of expertise are programming in Python and R,
machine learning, data analysis and Tableau.

He started his career in banking and finance and then moved to the
ever growing domain of data and analytics.

He earned MSc in computing (data analytics) from Dublin Institute of

Technology, Dublin, Ireland. He has reviewed the books: Python
Data Analysis, by Ivan Idris, Packt Publishing and Python Geospatial
Analysis Essentials, by Erik Westra, Packt Publishing.

Yves Vandermeer is a police officer working for the Belgian

Federal Police. He has been involved in major investigations since
1997, where he contributed to recovering digital evidence. Owning a
MSc in computer forensics, Yves is also a trainer on several topics
such as filesystems and network forensics for several law
enforcement agencies.

Chairing the European Cybercrime Training and Education Group,

E.C.T.E.G., since 2013, Yves supports the creation of training
materials that are focused on the understanding of the concepts
applied in practical exercises.

Using his experience, he developed forensic software tools for law

enforcement and contributed to several advisory groups related to IT
crime and IT forensics.
www.PacktPub.com
Support files, eBooks,
discount offers, and more
For support files and downloads related to your book, please visit
www.PacktPub.com.

Did you know that Packt offers eBook versions of every book
published, with PDF and ePub files available? You can upgrade to the
eBook version at www.PacktPub.com and as a print book customer,
you are entitled to a discount on the eBook copy. Get in touch with
us at <service@packtpub.com> for more details.

At www.PacktPub.com, you can also read a collection of free

technical articles, sign up for a range of free newsletters and receive
exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is

Packt's online digital book library. Here, you can search, access, and
read Packt's entire library of books.

Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
 On demand and accessible via a web browser
Free access for Packt account
holders
If you have an account with Packt at www.PacktPub.com, you can
use this to access PacktLib today and view 9 entirely free books.
Simply use your login credentials for immediate access.
Preface
Today, information technology is a part of almost everything that
surrounds us. These are the systems that we wear and that support
us in building and running cities, companies, our personal online
shopping tours, and our friendships. These systems are attractive to
use—and abuse. Consequently, all criminal fields such as theft,
fraud, blackmailing, and so on expanded to the IT. Nowadays, this is
a multi-billion, criminal, global shadow industry.

Can a single person spot traces of criminal or suspicious activity

conducted by a multi-billion, criminal, global shadow industry? Well,
sometimes you can. To analyze the modern crime, you do not need
magnifying glasses and lifting fingerprints off wine bottles. Instead,
we will see how to apply your Python skills to get a close look at the
most promising spots on a file system and take digital fingerprints
from the traces left behind by hackers.

As authors, we believe in the strength of examples over dusty

theory. This is why we provide samples for forensic tooling and
scripts, which are short enough to be understood by the average
Python programmer, yet usable tools and building blocks for real-
world IT forensics.

Are you ready to turn suspicion into hard facts?

What this book covers
Chapter 1, Setting Up the Lab and Introduction to Python ctypes,
covers how to set up your environment to follow the examples that
are provided in this book. We will take a look at the various Python
modules that support our forensic analyses. With ctypes, we provide
the means to go beyond Python modules and leverage the
capabilities of native system libraries.

Chapter 2, Forensic Algorithms, provides you with the digital

equivalent of taking fingerprints. Just like in the case of classic
fingerprints, we will show you how to compare the digital
fingerprints with a huge registry of the known good and bad
samples. This will support you in focusing your analysis and
providing a proof of forensical soundness.

Chapter 3, Using Python for Windows and Linux Forensics, is the first
step on your journey to understanding digital evidence. We will
provide examples to detect signs of compromise on Windows and
Linux systems. We will conclude the chapter with an example on
how to use machine learning algorithms in the forensic analysis.

Chapter 4, Using Python for Network Forensics, is all about capturing

and analyzing network traffic. With the provided tools, you can
search and analyze the network traffic for signs of exfiltration or
signature of malware communication.

Chapter 5, Using Python for Virtualization Forensics, explains how

modern virtualization concepts can be used by the attacker and
forensic analyst. Consequently, we will show how to find traces of
malicious behavior on the hypervisor level and utilize the
virtualization layer as a reliable source of forensic data.

Chapter 6, Using Python for Mobile Forensics, will give you an insight
on how to retrieve and analyze forensic data from mobile devices.
The examples will include analyzing Android devices as well as Apple
iOS devices.

Chapter 7, Using Python for Memory Forensics, demonstrates how to

retrieve memory snapshots and analyze these RAM images
forensically with Linux and Android. With the help of tools such as
LiME and Volatility, we will demonstrate how to extract information
from the system memory.
What you need for this book
All you need for this book is a Linux workstation with a Python 2.7
environment and a working Internet connection. Chapter 1, Setting
Up the Lab and Introduction to Python ctypes, will guide you
through the installation of the additional Python modules and tools.
All of our used tools are freely available from the Internet. The
source code of our samples is available from Packt Publishing.

To follow the examples of Chapter 5, Using Python for Virtualization

Forensics, you may want to set up a virtualization environment with
VMware vSphere. The required software is available from VMware as
time-limited trial version without any functional constraints.

While not strictly required, we recommend trying some of the

examples of Chapter 6, Using Python for Mobile Forensics, on
discarded mobile devices. For your first experiments, please refrain
from using personal or business phones that are actually in use.
Who this book is for
This book is for IT administrators, IT operations, and analysts who
want to gain profound skills in the collection and analysis of digital
evidence. If you are already a forensic expert, this book will help you
to expand your knowledge in new areas such as virtualization or
mobile devices.

To get the most out of this book, you should have decent skills in
Python and understand at least some inner workings of your forensic
targets. For example, some file system details.
Conventions
In this book, you will find a number of text styles that distinguish
between different kinds of information. Here are some examples of
these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames,

file extensions, pathnames, dummy URLs, user input, and Twitter
handles are shown as follows: "Note that in the case of Windows,
msvcrt is the MS standard C library containing most of the standard
C functions and uses the cdecl calling convention (on Linux systems,
the similar library would be libc.so.6)."

A block of code is set as follows:

def multi_hash(filename):
"""Calculates the md5 and sha256 hashes
of the specified file and returns a list
containing the hash sums as hex strings."""

When we wish to draw your attention to a particular part of a code

block, the relevant lines or items are set in bold:

<Event
xmlns="http://schemas.microsoft.com/win/2004/08/ev
ents/event"><System><Provider Name="Microsoft-
Windows-Security-Auditing" Guid="54849625-5478-
4994-a5ba-3e3b0328c30d"></Provider>
<EventID Qualifiers="">4724</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13824</Task>

Any command-line input or output is written as follows:

user@lab:~$ virtualenv labenv

 New python executable in labenv/bin/python
Installing setuptools, pip...done.

New terms and important words are shown in bold. Words that
you see on the screen, for example, in menus or dialog boxes,
appear in the text like this: "When asked to Select System Logs,
ensure that all log types are selected."

Note
Warnings or important notes appear in a box like this.

Tip
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what
you think about this book—what you liked or disliked. Reader
feedback is important for us as it helps us develop titles that you will
really get the most out of.

To send us general feedback, simply e-mail

<feedback@packtpub.com>, and mention the book's title in the subject
of your message.

If there is a topic that you have expertise in and you are interested
in either writing or contributing to a book, see our author guide at
www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a
number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files from your account at
http://www.packtpub.com for all the Packt Publishing books you
have purchased. If you purchased this book elsewhere, you can visit
http://www.packtpub.com/support and register to have the files e-
mailed directly to you.

Errata
Although we have taken every care to ensure the accuracy of our
content, mistakes do happen. If you find a mistake in one of our
books—maybe a mistake in the text or the code—we would be
grateful if you could report this to us. By doing so, you can save
other readers from frustration and help us improve subsequent
versions of this book. If you find any errata, please report them by
visiting http://www.packtpub.com/submit-errata, selecting your
book, clicking on the Errata Submission Form link, and entering
the details of your errata. Once your errata are verified, your
submission will be accepted and the errata will be uploaded to our
website or added to any list of existing errata under the Errata
section of that title.

To view the previously submitted errata, go to

https://www.packtpub.com/books/content/support and enter the
name of the book in the search field. The required information will
appear under the Errata section.
Piracy
Piracy of copyrighted material on the Internet is an ongoing problem
across all media. At Packt, we take the protection of our copyright
and licenses very seriously. If you come across any illegal copies of
our works in any form on the Internet, please provide us with the
location address or website name immediately so that we can
pursue a remedy.

Please contact us at <copyright@packtpub.com> with a link to the

suspected pirated material.

We appreciate your help in protecting our authors and our ability to

bring you valuable content.

Questions
If you have a problem with any aspect of this book, you can contact
us at <questions@packtpub.com>, and we will do our best to address
the problem.
Chapter 1. Setting Up the Lab
and Introduction to Python
ctypes
Cyber Security and Digital Forensics are two topics of increasing
importance. Digital forensics especially, is getting more and more
important, not only during law enforcement investigations, but also
in the field of incident response. During all of the previously
mentioned investigations, it's fundamental to get to know the root
cause of a security breach, malfunction of a system, or a crime.
Digital forensics plays a major role in overcoming these challenges.

In this book, we will teach you how to build your own lab and
perform profound digital forensic investigations, which originate from
a large range of platforms and systems, with the help of Python. We
will start with common Windows and Linux desktop machines, then
move forward to cloud and virtualization platforms, and end up with
mobile phones. We will not only show you how to examine the data
at rest or in transit, but also take a deeper look at the volatile
memory.

Python provides an excellent development platform to build your

own investigative tools because of its decreased complexity,
increased efficiency, large number of third-party libraries, and it's
also easy to read and write. During the journey of reading this book,
you will not only learn how to use the most common Python libraries
and extensions to analyze the evidence, but also how to write your
own scripts and helper tools to work faster on the cases or incidents
with a huge amount of evidence that has to be analyzed.

Let's begin our journey of mastering Python forensics by setting up

our lab environment, followed by a brief introduction of the Python
ctypes.
If you have already worked with Python ctypes and have a working
lab environment, feel free to skip the first chapter and start directly
with one of the other chapters. After the first chapter, the other
chapters are fairly independent of each other and can be read in any
order.

Setting up the Lab

As a base for our scripts and investigations, we need a
comprehensive and powerful lab environment that is able to handle
a large number of different file types and structures as well as
connections to mobile devices. To achieve this goal, we will use the
latest Ubuntu LTS version 14.04.2 and install it in a virtual machine
(VM). Within the following sections, we will explain the setup of the
VM and introduce Python virtualenv, which we will use to establish
our working environment.

Ubuntu
To work in a similar lab environment, we suggest you to download a
copy of the latest Ubuntu LTS Desktop Distribution from
http://www.ubuntu.com/download/desktop/, preferably the 32-bit
version. The distribution provides a simple-to-use UI and already has
the Python 2.7.6 environment installed and preconfigured.
Throughout the book, we will use Python 2.7.x and not the newer
3.x versions. Several examples and case studies in this book will rely
on the tools or libraries that are already a part of the Ubuntu
distribution. When a chapter or section of the book requires a third-
party package or library, we will provide the additional information
on how to install it in the virtualenv (the setup of this environment
will be explained in the next section) or on Ubuntu in general.

For better performance of the system, we recommend that the

virtual machine that is used for the lab has at least 4 GB of volatile
memory and about 40 GB of storage.

Figure 1: The Atom editor

To write your first Python script, you can use a simple editor such as
vi or a powerful but cluttered IDE such as eclipse. As a really
powerful alternative, we would suggest you to use atom, a very
clean but highly customizable editor that can be freely downloaded
from https://atom.io/.
Python virtual environment
(virtualenv)
According to the official Python documentation, Virtual Environment
is a tool to keep the dependencies required by different projects in
separate places by creating virtual Python environments for them. It
solves the "Project X depends on version 1.x, but Project Y needs
4.x" dilemma and keeps your global site-packages directory clean
and manageable.

This is also what we will use in the following chapters to keep a

common environment for all the readers of the book and not run
into any compatibility issues. First of all, we have to install the
virtualenv package. This is done by the following command:

user@lab:~$ pip install virtualenv

We will now create a folder in the users' home directory for our
virtual Python environment. This directory will contain the
executable Python files and a copy of the pip library, which can be
used to install other packages in the environment. The name of the
virtual environment (in our case, it is called labenv) can be of your
choice. Our virtual lab environment can be created by executing the
following command:

user@lab:~$ virtualenv labenv

New python executable in labenv/bin/python
Installing setuptools, pip...done.

To start working with the new lab environment, it first needs to be

activated. This can be done through:

user@lab:~$ source labenv/bin/activate

(labenv)user@lab:~$

Now, you can see that the command prompt starts with the name of
the virtual environment that we activated. From now on, any
package that you install using pip will be placed in the labenv
folder, isolated from the global Python installation in the underlying
Ubuntu.

Throughout the book, we will use this virtual python environment

and install new packages and libraries in it from time to time. So,
every time you try to recap a shown example remember or challenge
to change into the labenv environment before running your scripts.
Another random document with
no related content on Scribd:
The Project Gutenberg eBook of Studiën in
Nederlandsche Namenkunde
 This ebook is for the use of anyone anywhere in the United
States and most other parts of the world at no cost and with
almost no restrictions whatsoever. You may copy it, give it away
or re-use it under the terms of the Project Gutenberg License
included with this ebook or online at www.gutenberg.org. If you
are not located in the United States, you will have to check the
laws of the country where you are located before using this
eBook.

Title: Studiën in Nederlandsche Namenkunde

Author: Johan Winkler

Release date: September 19, 2023 [eBook #71689]

Language: Dutch

Original publication: Haarlem: H. D. Tjeenk Willink & Zoon, 1900

Credits: Jeroen Hellingman and the Online Distributed

Proofreading Team at https://www.pgdp.net/ for Project
Gutenberg (This file was produced from images
generously made available by The Internet Archive)

*** START OF THE PROJECT GUTENBERG EBOOK STUDIËN IN

NEDERLANDSCHE NAMENKUNDE ***
[Inhoud]

[Inhoud]

Studiën in Nederlandsche Namenkunde.

[Inhoud]
 STUDIËN
IN
NEDERLANDSCHE
NAMENKUNDE

DOOR
JOHAN WINKLER.
 HAARLEM
H. D. TJEENK WILLINK & ZOON
1900

[Inhoud]
Boeck, ey soo men di wil laecken,
Segg’ dat si yet beters maecken.
Laecken end maecken is groet verscil,
Dye nyet en can maecken magh swigen still.

D’æbarre traeppet plomp yn ’t gnod,

Oer ’t goe kruwd hinne in sykt de Podd’.
Dy hier uwt naet az fuwl op-syckje,
Momme eack, mey rjuecht, by Rea-schonck
lyckje.

Gysbert Japicx.

Wy willen gheerne ’t onse om een beter gheven,

Isser iet ghefaelt, tsy groot oft cleene.
Maer qualick can ment elck te passe gheweven:
Want niemant volmaeckt, dan God alleene.

Marcus van Vaernewyck.

[Inhoud]
 INHOUD.

Bladz.
Inleiding
I. Spotnamen van steden en dorpen 3
II. Nederlandsche plaatsnamen in Frankrijk 91
III. Gentsche geslachtsnamen 136
IV. Helmondsche namen uit de middeleeuwen 171
V. Friesche namen 196
VI. De namen der ingezetenen van Leeuwarden ten
jare 1511 255
VII. De hel in Friesland 280
Register 293

[1]

[Inhoud]
 INLEIDING.

De Namenkunde vormt een belangrijk onderdeel van de Taalkunde

in haren grootsten omvang, en staat tevens in menigvuldige
betrekking tot Geschiedenis en Volkenkunde.

De kennis van de namen in ’t algemeen, wat hun oorsprong,

geschiedenis en beteekenis aangaat, is inderdaad een zeer
bijzonder vak van wetenschap, een tak van studie die mij steeds
bijzonder heeft aangetrokken, en die bij voorkeur door mij beoefend
is geworden. Herhaaldelijk heb ik dan ook het een en ander werk of
werkje geschreven en in ’t licht doen komen, dat de Namenkunde
van Nederland (plaatsnamen) en van Nederlanders (vóórnamen en
geslachtsnamen) in bijzondere onderdeelen behandelt. Ik behoef
hier slechts mijn werk De Nederlandsche Geslachtsnamen in
Oorsprong, Geschiedenis en Beteekenis 📘 (Haarlem, H. D. Tjeenk
Willink, 1885) te noemen en mijne Friesche Naamlijst (Leeuwarden,
Meyer en Schaafsma, 1898), twee uitgebreide, omvangrijke werken,
die mij veel moeitevolle studie hebben gekost, maar die mij evenzeer
veelvuldige voldoening hebben bereid. Buitendien is er nog in
tijdschriften en jaarboekjes 1 menig opstel van mijne hand
verschenen, dat het een of ander gedeelte der Namenkunde tot
onderwerp heeft, dat Nederlandsche namen uit verschillende
tijdperken van ons volksbestaan, en uit verschillende gouwen en
plaatsen behandelt. [2]

Een zestal van die verhandelingen, uit den aard der zaak weinig
bekend, heb ik uitgekozen, en, ten deele aangevuld, vermeerderd,
verbeterd, hier opnieuw doen afdrukken. Een grooter opstel, over de
Spotnamen van steden en dorpen, het hoofdnummer van dezen
bundel, heb ik daarbij gevoegd. Dat verschijnt hier voor ’t eerst in ’t
licht.

Deze verschillende verhandelingen hangen slechts los te zamen;

slechts in zooverre als ze allen een onderwerp van Namenkunde
behandelen. Overigens niet.

Millioenen namen, mans- en vrouwen-vóórnamen in honderderlei

vormen en vervormingen, oorspronkelijk volkseigene en vreemde,
zoowel als geslachts- en plaatsnamen, eveneens in honderderlei
vormen, en die voor een groot deel van die vóórnamen zijn afgeleid
—inderdaad millioenen namen zijn over alle Nederlanden verspreid,
bij het Nederlandsche volk in gebruik. Elke naam heeft zijnen
eigenen, bijzonderen oorsprong, zijne geschiedenis, zijne
beteekenis, en zeer vele namen zijn in hunnen oorsprong, in hunne
geschiedenis en beteekenis belangrijk en merkwaardig. Elke naam
kan met andere soortgelijke in verschillende groepen vereenigd
worden, en al die namengroepen afzonderlijk in wetenschappelijken
zin beoefend en behandeld worden. Welk een arbeidsveld! En, voor
zooveel het onze Nederlandsche namen betreft, is dat veld nog zoo
weinig ontgonnen!

Ik heb slechts hier en daar een greep kunnen doen in deze rijke stof,
die zoo ruimschoots voorhanden, en voor iedereen toegankelijk is;
slechts hier en daar een greep ter verklaring van sommige
namengroepen en namen.

Mogen de volgende studiën, die uit den aard der zaak slechts in zeer
beperkten en beknopten vorm sommige namengroepen behandelen,
den lezer welkom zijn, en zijne belangstelling opwekken! En mogen
velen, door de lezing en de beoefening dezer verhandelingen zich
aangespoord gevoelen om al mede aan dit onderwerp, aan de
Namenkunde, hunne krachten te wijden; en moge onze
vaderlandsche wetenschap daardoor grootelijks verrijkt en gebaat
worden!

Den vriendelijken lezer een vriendelijke groet van

Johan Winkler.

H a a r l e m , 1900. [3]

1 De Navorscher, De Vrije Fries (tijdschrift van het Friesch Genootschap voor

Geschied-, Oudheid- en Taalkunde, Leeuwarden), Rond den Heerd (Brugge),
Ostfriesisches Monatsblatt (Emden), Nomina Geographica Neerlandica (tijdschrift
van het Nederlandsch Aardrijkskundig Genootschap), Belfort (Gent), de Friesche
Volksalmanak (Leeuwarden), de Noordbrabantsche Almanak (Helmond), enz. ↑
[Inhoud]
I
 SPOTNAMEN VAN STEDEN EN DORPEN.

Onderscheid in geaardheid, onderscheid in volkseigene zaken, taal

en tongval, kleeding, zeden en gebruiken, nering en bedrijf bij zee-,
steê- en landvolk, onderscheid in richting en partijschap op
godsdienstig en op staatkundig en maatschappelijk gebied is er
heden ten dage in ons vaderland nog ruimschoots voorhanden,
tusschen de bevolking van het eene en van het andere gewest, van
de verschillende Nederlandsche gewesten onderling.
Niettegenstaande dit onderscheid langzamerhand al minder en
minder wordt, en gedurig uitslijt, vooral door het meerdere en
gemakkelijke verkeer tusschen de lieden uit de verschillende
gewesten van ons land onderling, zoo onderkent men toch den Fries
aan allerlei volkseigene en bijzonder Friesche zaken en
eigenaardigheden nog gemakkelijk uit alle andere Nederlanders.
Maar ook de Groningerlander en de Zeeuw, de Hollander en de
Gelderschman, de Overijsselaar en de Brabander, de Drent en de
Limburger, ja ook de Hollander uit het Noorden (West-Friesland) en
die uit het Zuiden (het Overmaassche) zijn voor den opmerkzamen
man duidelijk en gemakkelijk te kennen, duidelijk en gemakkelijk de
een van den ander te onderscheiden.

Oudtijds traden de kenteekenen die den Fries en den Brabander,

den Gelderschman en den Hollander, den Drent en den Zeeuw
onderscheiden, veel sterker te voorschijn dan heden ten dage. Ja,
allerlei bijzondere kenmerken waren zelfs op te merken [4]bij de
bewoners van verschillende steden en dorpen—kenmerken,
waardoor dezen zich onderscheidden van de ingezetenen van
andere, van naburige of ook van verderaf gelegene plaatsen. Het
onderscheid tusschen de bewoners van twee naburige plaatsen, al
waren die lieden dan ook oorspronkelijk van geheel den zelfden
volksstam, viel juist hen onderling, over en weêr, bijzonder in ’t oog,
klonk juist te duidelijker in hun oor, werd juist door hen te scherper
opgemerkt. Voor den Hollander moge er geen onderscheid zijn te
bespeuren, in spraak noch in voorkomen, noch in eenigerlei andere
volkseigene zaak tusschen eenen burgerman uit Leeuwarden en
eenen uit Dokkum, voor den Leeuwarder en den Dokkumer zelven is
dit onderscheid zeer wel te hooren en te zien. De Friezen mogen de
Noord-Brabanders en Limburgers dooréén werpen, en niet
afzonderlijk onderkennen, Bosschenaren en Maastrichtenaren, die
van Breda en die van Roermond, zijn diep doordrongen van het
verschil dat er tusschen hen onderling bestaat. De Hollander, in ’t
algemeen de Nederlander uit het Westen en het Zuiden des lands
moge al Groningerlanders en Friezen over eenen en den zelfden
kam scheren en niet onderscheiden, de Amsterdamsche
grootstedeling moge die twee gelijkelijk als „buitenlui”, als
„provincialen, uit het Noorden” bestempelen en ze niet
onderscheidenlijk onderkennen, voor den Fries en den
Groningerlander zelven, over en weêr, zijn de bijzondere kenmerken,
die hen onderscheiden, zeer duidelijk en zeer groot, en de
Leeuwarder begrijpt zoo min als de Groninger hoe de Hollander den
een met den ander als in eenen adem kan noemen, hoe hij den een
met den anderen kan verwisselen en verwarren.

In oude tijden, toen de gelegenheden van onderling verkeer

tusschen de verschillende Nederlandsche gewesten, ook tusschen
de verschillende steden en dorpen van het zelfde gewest zoo veel
minder en geringer waren dan thans, kwamen de menschen, over ’t
algemeen genomen, uit de eene plaats vaak weinig of niet, soms
schier nooit in aanraking met die uit eene andere plaats, al ware ’t
ook dat die twee plaatsen, naar ons hedendaagsch begrip, volstrekt
niet verre van elkander af lagen. Natuurlijk bleven, ten gevolge van
dit besloten zijn binnen de muren en wallen en grachten van de
eigene stad, hoogstens binnen de [5]grenzen van de eigene gouw,
de oude volkseigenheden steeds vast en duidelijk in wezen, bleven
scherper begrensd, hielden veel langer stand dan heden ten dage,
nu schier de helft van de Nederlanders niet meer woont in de
plaatsen, waarin ze geboren en groot gebracht zijn, waar hunne
maagschap van oudsher gezeten is.

Het onderlinge verschil tusschen de ingezetenen van de eene plaats

en die van de andere, werd ook wel eene oorzaak van min
vriendelijke verhouding over en weêr, van onderlingen naijver—ja,
als ’t hoog liep, van onderlingen afkeer, zelfs van haat.
Kleingeestigheid, bekrompenheid, uit onkunde geboren, weêrhield,
aan den eenen kant, wederzijdsche erkenning als volks-, als
stamgenooten, en mat, aan de andere zijde, het onderlinge, veelal
onwezenlijke verschil ten breedsten, ten hatelijksten uit.
Leeuwarders en Dokkumers, bij voorbeeld, gevoelden zich niet als
volksgenooten, als Friezen, de eene zoo goed als de andere, maar
als Leeuwarders en Dokkumers op zich zelven, als „L e e u w a r d e r
G a l g e l a p p e r s ” en als „D o k k u m e r G a r n a t e n ”, zoo als
men elkanderen over en weêr betitelde, ja wel uitschold. Tusschen
Amsterdammers en Haarlemmers, al hoe nabij elkanderen hunne
steden ook gelegen zijn, heerschte in de 16e eeuw de grootste
naijver—een naijver die zich onder anderen lucht gaf in de
spotnamen „K o e k e t e r s ” en „M u g g e n ”, die men elkanderen
wederkeerig toevoegde—een naijver die, bij voorbeeld, ook blijkt uit
het min of meer smalende vers, waarmede de blijspeldichter
Gerbrand Adriaense Brederoô, een Oud-Amsterdammer in merg en
been, de Haarlemmers uitdaagde:

„Haerlemsche drooge harten nu,

Toont nu eens wie gy syt!
Wy Amsterdammers tarten u
Te drincken eens om stryt.”
En juist zulk eene verhouding bestond er tusschen den Zwolschen
B l a u w v i n g e r en den Kamper S t e u r , tusschen den
Deventerschman en den Zutfenaar, tusschen den Franeker
K l o k k e d i e f en den Harlinger To b b e d a n s e r , tusschen den
Rotterdammer en den Dordtenaar, tusschen den Emder
P o t s c h ij t e r en den Auriker P o g g e , tusschen den
Antwerpschen S i n j o o r en den Mechelschen
M a n e b l u s s c h e r , tusschen den Gentenaar [6]en den Bruggeling,
tusschen den K e u n e t e r van Duinkerke en den D r i n k e r van St.
Winoksbergen.

Overal in al de Nederlanden, Noord en Zuid, en in aangrenzende

stamverwante gewesten die thans tot Duitschland en Frankrijk
behooren (Oost-Friesland, Bentheim, Munsterland, Fransch-
Vlaanderen en Artesië), had men oudtijds zulke spotnamen voor de
inwoners van steden en dorpen; en al mogen die namen
tegenwoordig al minder sterk op den voorgrond treden als in vorige
tijden het geval geweest is, ze zijn toch heden ten dage nog
geenszins volkomen verdwenen. Oudtijds gaf de onderlinge naijver,
zich vooral ook uitende in het wederkeerig elkander noemen en
schelden met spotnamen, wel aanleiding tot zeer gespannen
verhoudingen, tot wrevel en haat, tot vechtpartijen zelfs, waarbij men
elkanderen wel bloedige koppen sloeg. Dit behoort in onzen tijd tot
het verledene, maar de oude spotnamen zijn nog wel bekend, en
worden nog wel eens gebruikt, zij het dan ook in tamelijk
onschuldige plagerij, of geheel in scherts.

Deze oude spotnamen zijn voor een goed deel belangrijk in menig
opzicht. Velen daarvan zijn reeds zeer oud en dagteekenen uit de
middeleeuwen. Velen ook berusten op het eene of andere
geschiedkundige feit, anderen op het wapen dat eigen is aan stad of
dorp (K l o k k e d i e v e n van Franeker, B a l k e d i e v e n van ’t
Ameland, M o l l e n van Schermerhorn). Anderen weêr danken hun
ontstaan aan het eene of andere bijzondere voorval, waarbij door
den nabuur, den tegenstander, in ’t geven van den spotnaam, juist
de domme, de belachelijke zijde der zaak werd in ’t licht gesteld
(K a l f s c h i e t e r s van Delft, K e i s l e p e r s van Amersfoort,
M a n e b l u s s c h e r s van Mechelen, R o g s t e k e r s van Weert).
Weêr anderen zijn ontleend aan eenen bijzonderen tak van handel,
van nering of bedrijf, die in de eene stad bestond, in de andere niet;
G o r t b u i k e n of G o r t z a k k e n van Alkmaar—te Alkmaar
bestonden oudtijds vele grutterijen, en de Alkmaarsche gort was wijd
vermaard in den lande; B o t e r v r e t e r s van Diksmude en
K a a s m a k e r s van Belle—beide deze Vlaamsche plaatsen zijn
van ouds bekend om hare zuivelbereiding. Sommigen ook zijn
ontstaan door de eene of andere lekkernij, die in de eene of andere
stad bijzonder gemaakt en [7]door de inwoners bij voorkeur gegeten
of gedronken werd. (K o e k e t e r s van Amsterdam,
K l i e n r o g g e n van de Joure, D ú m k e f r e t t e r s van Sneek,
M o l b o o n e n van Groningen, R o o d b i e r d r i n k e r s van
Harelbeke.)

Kieskeurig waren de oude Nederlanders geenszins, in het bedenken

en gebruiken van spotnamen. Van daar dat sommige dezer namen
heden ten dage slechts ternauwernood in beschaafd mannen-
gezelschap genoemd kunnen worden; (Z a n d p i s s e r s van de
Zijpe, G r u p p e n d r i e t e r s van Oldenzaal, P o t s c h ij t e r s van
Emden, L u z e k n i p p e r s van Eernewoude,
M o s t e r d s c h ij t e r s van Diest). Maar, jufferachtig preutsch moet
men niet zijn, als men sommige eigenaardigheden onzer voorouders
in nadere behandeling neemt.

Al deze Oud-Nederlandsche spotnamen te zamen genomen geven

een veelal verrassend, ook leerzaam en soms niet onvermakelijk