Skip to content
/ nuwalk Public

An alternative to fiwalk that utilizes The Sleuth Kit to generate DFXML

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hokiemike84/nuwalk

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
DFXML_template.xml
DFXML_template.xml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
nuwalk.py
nuwalk.py
 
 

Repository files navigation

nuwalk

An alternative to fiwalk that utilizes The Sleuth Kit to generate a DFXML for file information

Usage

Nuwalk is a python script that operates off of a TSK sqlite database. The database can be generated using tsk_loaddb.exe from The Sleuth Kit https://www.sleuthkit.org/. It is recommended that tsk_loaddb.exe be ran with the -h option to include md5 hashes. Nuwalk will query file data from the database generated by tsk_loaddb.exe to build a DFXML similar to those produced by fiwalk. The resulting DFXML can be fed into Bulk Extractor's identify_filenames.py script to provide location information for the features produced by Bulk Extractor.

python nuwalk.py <path to tsk database file> <output xml file name>

About

An alternative to fiwalk that utilizes The Sleuth Kit to generate DFXML

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages