• DocumentCode
    2510301
  • Title

    Automating Disk Forensic Processing with SleuthKit, XML and Python

  • Author

    Garfinkel, Simson L.

  • fYear
    2009
  • fDate
    21-21 May 2009
  • Firstpage
    73
  • Lastpage
    84
  • Abstract
    We have developed a program called fiwalk which produces detailed XML describing all of the partitions and files on a hard drive or disk image, as well as any extractable metadata from the document files themselves. We show how it is relatively simple to create automated disk forensic applications using a Python module we have written that reads fiwalk's XML files. Finally, we present three applications using this system: a program to generate maps of disk images; an image redaction program; and a data transfer kiosk which uses forensic tools to allow the migration of data from portable storage devices without risk of infection from hostile software that the portable device may contain.
  • Keywords
    XML; disc drives; hard discs; meta data; programming languages; security of data; Python module; SleuthKit; XML; automated disk forensic processing; data transfer; fiwalk program; hard drive; image redaction program; meta data; Application software; Conferences; Data mining; Digital forensics; Drives; File systems; Image storage; Law enforcement; Libraries; XML; Computer Forensics; Python; Sleuth Kit; XML;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Systematic Approaches to Digital Forensic Engineering, 2009. SADFE '09. Fourth International IEEE Workshop on
  • Conference_Location
    Berkeley, CA
  • Print_ISBN
    978-0-7695-3792-4
  • Type

    conf

  • DOI
    10.1109/SADFE.2009.12
  • Filename
    5341559