Title :
Automating Disk Forensic Processing with SleuthKit, XML and Python
Author :
Garfinkel, Simson L.
Abstract :
We have developed a program called fiwalk which produces detailed XML describing all of the partitions and files on a hard drive or diskimage, as well as any extractable metadata from the document files themselves. We show how it is relatively simple to create automated disk forensic applications using a Python module we have written that reads fiwalk´s XML files. Finally, we present three applications using this system: a program to generate maps of disk images; an image redaction program; and a data transfer kiosk which uses forensic tools to allow the migration of data from portable storage devices without risk of infection from hostile software that the portable device may contain.
Keywords :
XML; disc drives; hard discs; meta data; programming languages; security of data; Python module; SleuthKit; XML; automated disk forensic processing; data transfer; fiwalk program; hard drive; image redaction program; meta data; Application software; Conferences; Data mining; Digital forensics; Drives; File systems; Image storage; Law enforcement; Libraries; XML; Computer Forensics; Python; Sleuth Kit; XML;
Conference_Titel :
Systematic Approaches to Digital Forensic Engineering, 2009. SADFE '09. Fourth International IEEE Workshop on
Conference_Location :
Berkeley, CA
Print_ISBN :
978-0-7695-3792-4
DOI :
10.1109/SADFE.2009.12
