How it works...

We import a number of libraries to assist with argument parsing, date parsing, writing CSVs, processing the ESE database, and the custom pytskutil module:

    from __future__ import print_function
    import argparse
    from datetime import datetime, timedelta
    import os
    import pytsk3
    import pyewf
    import pyesedb
    import struct
    import sys
    import unicodecsv as csv
    from utility.pytskutil import TSKUtil

This script uses two global variables during its execution. The TABLE_LOOKUP variable is a lookup table matching various SRUM table names to a more human-friendly description. These descriptions were pulled from Yogesh Khatri's presentation, referenced at the beginning of the recipe. The APP_ID_LOOKUP dictionary will store data from the SRUM SruDbIdMapTable ...
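To illustrate how a dictionary such as APP_ID_LOOKUP can be filled from SruDbIdMapTable records, here is an added example; it is not the book's code and targets Python 3. It assumes the commonly documented layout of that table (columns IdType, IdIndex, IdBlob, with IdType 3 holding a binary SID and other types holding UTF-16LE text); the rows are constructed sample data and the helper names are hypothetical.

```python
import struct

def _sid_bytes(revision, authority, subauths):
    # Helper used only to construct sample data: packs a binary Windows SID.
    return (struct.pack("<BB", revision, len(subauths))
            + struct.pack(">Q", authority)[2:]          # 6-byte big-endian authority
            + struct.pack("<%dI" % len(subauths), *subauths))

# Constructed rows shaped like (IdType, IdIndex, IdBlob); layout is an assumption.
SAMPLE_ROWS = [
    (0, 101, "\\Device\\HarddiskVolume2\\Windows\\System32\\svchost.exe\x00"
             .encode("utf-16-le")),
    (3, 102, _sid_bytes(1, 5, [21, 1004336348, 1177238915, 682003330, 1001])),
    (0, 103, None),                # empty blob
    (3, 104, b"\x01\x05\x00"),     # truncated SID, as a damaged record might hold
]

def sid_to_string(blob):
    """Convert a binary SID to its S-R-A-S1-S2... string form."""
    if blob is None or len(blob) < 8:
        raise ValueError("SID blob too short")
    revision, count = struct.unpack_from("<BB", blob, 0)
    if len(blob) < 8 + 4 * count:
        raise ValueError("SID blob truncated")
    authority = struct.unpack(">Q", b"\x00\x00" + blob[2:8])[0]
    subauths = struct.unpack_from("<%dI" % count, blob, 8)
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subauths])

def build_app_id_lookup(rows):
    """Map each IdIndex to a readable application path or user SID."""
    lookup = {}
    for id_type, id_index, blob in rows:
        if blob is None:
            lookup[id_index] = ""
        elif id_type == 3:
            try:
                lookup[id_index] = sid_to_string(blob)
            except ValueError:
                # Keep the raw bytes visible instead of dropping evidence.
                lookup[id_index] = "UNPARSED:" + blob.hex()
        else:
            lookup[id_index] = blob.decode("utf-16-le", errors="replace").rstrip("\x00")
    return lookup

APP_ID_LOOKUP = build_app_id_lookup(SAMPLE_ROWS)
```

Records in the other SRUM tables can then be resolved through this dictionary by their numeric application and user identifiers, and malformed blobs remain visible in the output for manual review.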
