dfvfs (Digital Forensics Virtual File System - python module)
This package provides read-only access to file-system objects from various
storage media types and file formats. The goal of dfVFS is to provide a generic
interface for accessing file-system objects, for which it uses several
back-ends that provide the actual implementation of the various storage media
types, volume systems and file systems.
A note about REQUIREMENTS: dfvfs requires the following packages [secondary
dependancies are listed in brackets]. They should be installed IN THE ORDER
LISTED. This is important because while libewf support is optional for the
sleuthkit (a requirement for pytsk), it is a REQUIRED option for the sleuthkit
when building dfvfs. Do NOT rely on automated tools to properly order your
dependancies.
REQUIRES="[six] construct [pysetuptools] [python-gflags] [python-dateutil]
[pytz] protobuf libbde libewf libqcow libsigscan libsmdev libsmraw libvhdi
libvmdk libvshadow [sleuthkit] pytsk"
Supported:
EWF (EWF-E01, EWF-Ex01, EWF-S01)
QCOW version 1, 2
Storage Media device
(split) Storage Media RAW
VHD
VMDK
Note that at the moment differential images are not supported.
Volume systems
Supported:
APM
BitLocker (BDE)
GPT
MBR
VSS
Planned:
FileVault2 (CoreStorage)
LDM
LUKS
Linux LVM version 1, 2
Software Raid
File systems
Supported file systems:
ext version 2, 3, 4
FAT
HFS, HFS+, HFSX
NTFS version 3
UFS version 1, 2
Archive file types
Supported:
tar
zip