A Python Library for Forensic File System Analysis

Authors

Constanzo, Bruno

Di Iorio, Ana Haydée

Nogueira, Enzo

Abstract

The search and recovery of information is a basic and foundational part of any digital investigation. In cases where the digital forensics experts work against storage media, filesystem analysis is a cornerstone upon which they will build their investigation. In this work, we present a Python library that lets programmers and examiners interact with the low-level structures and data from a filesystem in a simple, yet powerful manner. We also give a brief discussion on the use of this library in academic environments, to teach and show examples of operating systems concepts, and in specific digital forensics courses.