How it works...

The imports here include those libraries we've used for most recipes in the chapter for argument parsing, string buffer file-like objects, and the TSK utilities. We also import the unicodecsv library to handle any Unicode objects in the CSV report, the datetime library to assist with timestamp parsing, and the struct module to help make sense of the binary data we read. Additionally, we define a global variable, COL_TYPES, that aliases the column types from the pyesedb library, used to help identify the types of data that we will extract later in the code:

from __future__ import print_functionfrom argparse import ArgumentParserimport unicodecsv as csvimport datetimeimport StringIOimport structfrom utility.pytskutil import ...

Get Python Digital Forensics Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.