Automating Disk Forensic Processing with SleuthKit, XML and Python
NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
Pagination or Media Count:
We have developed a program called fiwalk which produces detailed XML describing all of the partitions and files on a hard drive or disk image, as well as any extractable metadata from the document files themselves. We show how it is relatively simple to create automated disk forensic applications using a Python module we have written that reads fiwalks XML files. Finally, we present three applications using this system a program to generate maps of disk images an image redaction program and a data transfer kiosk which uses forensic tools to allow the migration of data from portable storage devices without risk of infection from hostile software that the portable device may contain.
- Sociology and Law
- Computer Hardware