Automating Disk Forensic Processing with SleuthKit, XML and Python
Garfinkel, Simson L.
MetadataShow full item record
We have developed a program called fiwalk which produces detailed XML describing all of the partitions and files on a hard drive or disk image, as well as any extractable metadata from the document files themselves. We show how it is relatively simple to create automated disk forensic applications using a Python module we have written that reads fiwalk's XML files. Finally, we present three applications using this system: a program to generate maps of disk images; an image redaction program; and a data transfer kiosk which uses forensic tools to allow the migration of data from portable storage devices without risk of infection from hostile software that the portable device may contain.
*(IEEE/SADFE 2009), Oakland, California.Refereed Conference Paper
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Agrawal, B.N. (2005);This paper presents a review of the spacecraft design program at the Naval Postgraduate School. This program is part of the space systems engineering curriculum. In this curriculum, the students take at least one course ...
Klee, Charles W., Jr. (Boston, Massachusetts; Boston University, 1968-06);Over the past several years the United States Atlantic Fleet Anphib1ous Force has been faced with increasing losses of qualified enlisted men. In 1965 the Atlantic Fleet Amphibious Force had more men leaving the Navy than ...
Shick, BethAnn. (Monterey, California. Naval Postgraduate School, 2007);The Joint Strike Fighter (JSF) program is the largest Department of Defense (DoD) military aircraft acquisition program to date. The JSF will serve the Air Force, Navy and Marine Corps, as well as many of our key ...