Automating Disk Forensic Processing with SleuthKit, XML and Python

13 years 11 months ago

Download simson.net

We have developed a program called fiwalk which produces detailed XML describing all of the partitions and ﬁles on a hard drive or disk image, as well as any extractable metadata from the document ﬁles themselves. We show how it is relatively simple to create automated disk forensic applications using a Python module we have written that reads fiwalk’s XML ﬁles. Finally, we present three applications using this system: a program to generate maps of disk images; an image redaction program; and a data transfer kiosk which uses forensic tools to allow the migration of data from portable storage devices without risk of infection from hostile software that the portable device may contain.

Simson L. Garfinkel

Real-time Traffic

Digital Forensic Engineering | Disk Forensic Applications | Disk Images | Forensic Engineering | Program Called Fiwalk | SADFE 2009 |

claim paper

Post Info
More Details (n/a)

Added	21 May 2010
Updated	21 May 2010
Type	Conference
Year	2009
Where	SADFE
Authors	Simson L. Garfinkel

Comments (0)

Sciweavers

Automating Disk Forensic Processing with SleuthKit, XML and Python

Digital Forensic Engineering | Disk Forensic Applications | Disk Images | Forensic Engineering | Program Called Fiwalk | SADFE 2009 |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers