Exploring the framework – framework.py

Our framework will take some input directory, recursively index all of its files, run a series of plugins, and then write a series of reports into a specified output directory. The idea is that the examiner could mount a .E01 or .dd file using FTK Imager or a similar tool and then run the framework against the mounted directory.

The layout of a framework is an important first step in achieving a simple design. We recommend placing writers and plugins in appropriately labeled subdirectories under the framework controller. Our framework is laid out as follows:

  |-- framework.py
  |-- requirements.txt
  |-- plugins
      |-- __init__.py
      |-- exif.py
      |-- id3.py
      |-- office.py
      |-- pst_indexer.py
      |-- setupapi.py
      ...
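A minimal sketch of the controller flow described above (recursively index the input directory, dispatch files to plugins, write reports to the output directory). It is an added illustration, not the book's framework.py; the plugin registry, the `size_plugin` stand-in, the report names and the sample files are all constructed for the example.

```python
import csv
import os
import tempfile

def index_files(input_dir):
    """Yield regular files under input_dir; symlinks are never followed."""
    for root, dirs, files in os.walk(input_dir, followlinks=False):
        for name in sorted(files):
            path = os.path.join(root, name)
            if os.path.isfile(path) and not os.path.islink(path):
                yield path

def size_plugin(path):
    """Hypothetical stand-in plugin: report the file size in bytes."""
    return {"path": path, "size": os.path.getsize(path)}

# Hypothetical registry (assumption): extension -> (report name, plugin callable)
PLUGINS = {".jpg": ("exif_report.csv", size_plugin),
           ".mp3": ("id3_report.csv", size_plugin)}

def run_framework(input_dir, output_dir, plugins=PLUGINS):
    """Index input_dir, run matching plugins, write one CSV per report."""
    os.makedirs(output_dir, exist_ok=True)
    rows, errors = {}, []
    for path in index_files(input_dir):
        ext = os.path.splitext(path)[1].lower()
        if ext not in plugins:
            continue
        report, plugin = plugins[ext]
        try:
            rows.setdefault(report, []).append(plugin(path))
        except Exception as exc:  # one unreadable file must not stop the run
            errors.append((path, repr(exc)))
    for report, data in rows.items():
        with open(os.path.join(output_dir, report), "w", newline="") as fh:
            writer = csv.DictWriter(fh, fieldnames=sorted(data[0]))
            writer.writeheader()
            writer.writerows(data)
    return {name: len(data) for name, data in rows.items()}, errors

def demo():  # builds a constructed evidence tree in a temp dir and processes it
    with tempfile.TemporaryDirectory() as tmp:
        src, out = os.path.join(tmp, "evidence"), os.path.join(tmp, "reports")
        os.makedirs(os.path.join(src, "sub"))
        for rel, data in (("a.jpg", b"12345"), ("sub/b.JPG", b"1"), ("c.mp3", b"xx"), ("d.txt", b"")):
            with open(os.path.join(src, rel), "wb") as fh:
                fh.write(data)
        counts, errors = run_framework(src, out)
        return counts, errors, sorted(os.listdir(out))
```

Keeping the output directory outside the mounted evidence path, and recording per-file plugin errors instead of aborting, keeps the source untouched and the run complete.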
