Automating Disk Forensic Processing with SleuthKit, XML and Python

Abstract

We have developed a program called fiwalk which produces detailed XML describing all of the partitions and files on a hard drive or disk image, as well as any extractable metadata from the document files themselves. We show how it is relatively simple to create automated disk forensic applications using a Python module we have written that reads fiwalk's XML files. Finally, we present three applications using this system: a program to generate maps of disk images; an image redaction program; and a data transfer kiosk which uses forensic tools to allow the migration of data from portable storage devices without risk of infection from hostile software that the portable device may contain.
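The pipeline the abstract describes (fiwalk emits XML per partition and file, a Python module consumes it, applications are built on top) can be illustrated with a small reader. The example below is added here and is not fiwalk's Python module; its XML is a constructed sample whose element and attribute names (fileobject, byte_run, fs_offset, hashdigest) are assumptions loosely modelled on DFXML, and the offset conventions are likewise assumed. It builds a block map of the volume (the "map of a disk image" application), matches files against a hash blocklist (a check a transfer kiosk would make), and recovers a file's bytes from its byte runs alone, which is why a kiosk can migrate data without ever mounting the untrusted filesystem.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# Constructed sample, not real fiwalk output. Element/attribute names are
# assumptions loosely modelled on DFXML; fs_offset is taken as relative to
# the volume start and volume/@offset as relative to the image start.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<dfxml>
 <volume offset="1048576">
  <block_size>512</block_size>
  <block_count>64</block_count>
  <fileobject>
   <filename>docs/report.docx</filename><filesize>2048</filesize><alloc>1</alloc>
   <byte_runs><byte_run file_offset="0" fs_offset="8192" len="2048"/></byte_runs>
   <hashdigest type="md5">0cc175b9c0f1b6a831c399e269772661</hashdigest>
  </fileobject>
  <fileobject>
   <filename>setup.exe</filename><filesize>1536</filesize><alloc>1</alloc>
   <byte_runs>
    <byte_run file_offset="0" fs_offset="4096" len="1024"/>
    <byte_run file_offset="1024" fs_offset="20480" len="512"/>
   </byte_runs>
   <hashdigest type="md5">92eb5ffee6ae2fec3ad71c777531578f</hashdigest>
  </fileobject>
  <fileobject>
   <filename>old.txt</filename><filesize>512</filesize><alloc>0</alloc>
   <byte_runs><byte_run file_offset="0" fs_offset="30720" len="512"/></byte_runs>
   <hashdigest type="md5">4a8a08f09d37b73795649038408b5f33</hashdigest>
  </fileobject>
 </volume>
</dfxml>
"""


@dataclass
class FileObject:
    name: str
    size: int
    allocated: bool
    md5: str
    runs: List[Tuple[int, int]] = field(default_factory=list)  # (fs_offset, length)


@dataclass
class Volume:
    offset: int          # byte offset of the volume inside the image
    block_size: int
    block_count: int
    files: List[FileObject]


def parse_volume(xml_text: str) -> Volume:
    """Read the first <volume> and its <fileobject> entries into plain records."""
    vol = ET.fromstring(xml_text).find("volume")
    if vol is None:
        raise ValueError("no <volume> element")
    files = []
    for fo in vol.findall("fileobject"):
        runs = [(int(br.get("fs_offset")), int(br.get("len")))
                for br in fo.findall("byte_runs/byte_run")]
        files.append(FileObject(
            name=fo.findtext("filename", default=""),
            size=int(fo.findtext("filesize", default="0")),
            allocated=fo.findtext("alloc", default="0") == "1",
            md5=fo.findtext("hashdigest[@type='md5']", default="").lower(),
            runs=runs))
    return Volume(int(vol.get("offset", "0")), int(vol.findtext("block_size")),
                  int(vol.findtext("block_count")), files)


def sector_map(vol: Volume) -> str:
    """One char per block: 'A' allocated file, 'D' deleted file, '.' unreferenced.
    Byte runs come from untrusted metadata, so out-of-volume runs are rejected."""
    cells = ["."] * vol.block_count
    for fo in vol.files:
        for fs_off, length in fo.runs:
            first, last = fs_off // vol.block_size, (fs_off + length - 1) // vol.block_size
            if fs_off < 0 or length <= 0 or last >= vol.block_count:
                raise ValueError(f"{fo.name}: byte_run outside volume")
            for b in range(first, last + 1):
                if cells[b] != "A":          # allocated data wins over deleted remnants
                    cells[b] = "A" if fo.allocated else "D"
    return "".join(cells)


def find_by_hash(vol: Volume, blocklist: Set[str]) -> List[str]:
    """Names of files whose MD5 appears in a (hypothetical) known-bad list."""
    bad = {h.lower() for h in blocklist}
    return [fo.name for fo in vol.files if fo.md5 in bad]


def extract_file(image: bytes, vol: Volume, fo: FileObject) -> bytes:
    """Reassemble a file from its byte runs; no filesystem driver is involved."""
    out = bytearray()
    for fs_off, length in fo.runs:
        start = vol.offset + fs_off
        if start + length > len(image):
            raise ValueError(f"{fo.name}: byte_run outside image")
        out += image[start:start + length]
    return bytes(out[:fo.size])


def build_demo_image(vol: Volume) -> bytes:
    """Constructed image: each file's runs are filled with its first name character."""
    img = bytearray(vol.offset + vol.block_size * vol.block_count)
    for fo in vol.files:
        for fs_off, length in fo.runs:
            img[vol.offset + fs_off:vol.offset + fs_off + length] = bytes([ord(fo.name[0])]) * length
    return bytes(img)


if __name__ == "__main__":
    v = parse_volume(SAMPLE_XML)
    print(sector_map(v))
    print("blocked:", find_by_hash(v, {"92eb5ffee6ae2fec3ad71c777531578f"}))
    print(extract_file(build_demo_image(v), v, v.files[0])[:8])
```

Run as a script it prints a 64-character block map, the blocklisted name, and the first bytes recovered for the first file. The bounds checks in sector_map and extract_file are the part worth keeping in any real tool: the XML is derived from a possibly hostile device, so an absurd fs_offset or len must fail loudly rather than index past the image or allocate on attacker-chosen sizes.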


Document Details

Document Type
Technical Report
Publication Date
May 01, 2009
Accession Number
ADA549270

Entities

People

  • Simson Garfinkel

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Communication Systems
  • Computer Programming
  • Computer Programs
  • Computers
  • Digital Communications
  • Directories
  • Forensic Analysis
  • Language
  • Law
  • Metadata
  • Operating Systems
  • Programming Languages
  • Scripting Languages
  • Servers (Computer Hardware)
  • Standards
  • User Interface
  • Word Processors

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Database Systems and Applications