Accession Number:

ADA549270

Title:

Automating Disk Forensic Processing with SleuthKit, XML and Python

Descriptive Note:

Conference paper

Corporate Author:

NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE

Personal Author(s):

Report Date:

2009-05-01

Pagination or Media Count:

13.0

Abstract:

We have developed a program called fiwalk which produces detailed XML describing all of the partitions and files on a hard drive or disk image, as well as any extractable metadata from the document files themselves. We show how it is relatively simple to create automated disk forensic applications using a Python module we have written that reads fiwalk's XML files. Finally, we present three applications using this system: a program to generate maps of disk images, an image redaction program, and a data transfer kiosk which uses forensic tools to allow the migration of data from portable storage devices without risk of infection from hostile software that the portable device may contain.

Subject Categories:

  • Sociology and Law
  • Computer Hardware

Distribution Statement:

APPROVED FOR PUBLIC RELEASE