How it works...

We import a number of libraries to assist with argument parsing, writing CSVs, processing index.dat files, and the custom pytskutil module:

    from __future__ import print_function
    import argparse
    from datetime import datetime, timedelta
    import os
    import pytsk3
    import pyewf
    import pymsiecf
    import sys
    import unicodecsv as csv
    from utility.pytskutil import TSKUtil

This recipe's command-line handler takes two positional arguments, EVIDENCE_FILE and TYPE, which represent the path to the evidence file and the type of evidence file, respectively. Similar to the previous recipe, the optional d switch can be supplied to specify a directory to scan. Otherwise, the recipe starts scanning at the "/Users" directory. After performing input validation ...
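A handler matching the description above could look like the following. This is an added example, not the book's own code: the `-d` spelling of the switch, the `raw`/`ewf` choices for TYPE, the specific validation checks, and the function names are assumptions.

```python
import argparse
import os
import sys


def build_parser():
    """Build the parser: two positionals plus an optional scan directory."""
    parser = argparse.ArgumentParser(
        description="Locate and parse index.dat files in an evidence file")
    parser.add_argument("EVIDENCE_FILE", help="Path to the evidence file")
    # Assumed choices; the text only says TYPE is the evidence file type.
    parser.add_argument("TYPE", choices=("raw", "ewf"),
                        help="Type of evidence file")
    # Without the switch, scanning starts at "/Users" as described above.
    parser.add_argument("-d", dest="directory", default="/Users",
                        help="Directory inside the image to start scanning")
    return parser


def parse_args(argv):
    """Parse argv and validate it before any evidence is opened."""
    parser = build_parser()
    args = parser.parse_args(argv)
    # Fail early on a wrong path instead of deep inside image processing.
    if not os.path.isfile(args.EVIDENCE_FILE):
        parser.error("evidence file not found: {}".format(args.EVIDENCE_FILE))
    # Assumed check: the scan directory is an absolute path inside the image.
    if not args.directory.startswith("/"):
        parser.error("scan directory must be absolute: {}".format(
            args.directory))
    return args


if __name__ == "__main__":
    parsed = parse_args(sys.argv[1:])
    print("Scanning {} ({}) from {}".format(
        parsed.EVIDENCE_FILE, parsed.TYPE, parsed.directory))
```

`parser.error()` prints the usage message and exits with status 2, so a mistyped path or type stops the run before the evidence is touched.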
