How it works...

We import a number of libraries to assist with argument parsing, writing CSVs, processing index.dat files, and the custom pytskutil module:

from __future__ import print_functionimport argparsefrom datetime import datetime, timedeltaimport osimport pytsk3import pyewfimport pymsiecfimport sysimport unicodecsv as csvfrom utility.pytskutil import TSKUtil

This recipe's command-line handler takes two positional arguments, EVIDENCE_FILE and TYPE, which represent the path to the evidence file and the type of evidence file, respectively. Similar to the previous recipe, the optional d switch can be supplied to specify a directory to scan. Otherwise, the recipe starts scanning at the "/Users" directory. After performing input validation ...

Get Python Digital Forensics Cookbook now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.