We import a number of libraries to assist with argument parsing, date parsing, writing CSVs, and processing the ESE database, along with the custom pytskutil module:
from __future__ import print_function
import argparse
from datetime import datetime, timedelta
import os
import pytsk3
import pyewf
import pyesedb
import struct
import sys
import unicodecsv as csv
from utility.pytskutil import TSKUtil
This script uses two global variables during its execution. The TABLE_LOOKUP variable is a lookup table matching various SRUM table names to a more human-friendly description. These descriptions were pulled from Yogesh Khatri's presentation, referenced at the beginning of the recipe. The APP_ID_LOOKUP dictionary will store data from the SRUM SruDbIdMapTable ...