Our framework will take some input directory, recursively index all of its files, run a series of plugins, and then write a series of reports into a specified output directory. The idea is that the examiner could mount a .E01 or .dd file using FTK Imager or a similar tool and then run the framework against the mounted directory.
Settling the layout of a framework is an important first step toward a simple design. We recommend placing writers and plugins in appropriately labeled subdirectories under the framework controller. Our framework is laid out in the following manner:
  |-- framework.py
  |-- requirements.txt
  |-- plugins
      |-- __init__.py
      |-- exif.py
      |-- id3.py
      |-- office.py
      |-- pst_indexer.py
      |-- setupapi.py
      |-- userassist.py
      |-- wal_crawler.py
      |-- helper
          |-- __init__.py
          |-- utility.py
          |-- usb_lookup.py
  |-- writers
      |-- __init__.py
      |-- csv_writer.py...
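The index, plugin and report flow described above, as an added example that is not the framework.py from this text. The two plugin functions, the PLUGINS registry and the report columns are assumptions made for illustration; a plugin that fails on a malformed file is recorded in the report instead of stopping the run.

```python
import csv
import hashlib
import os
import zipfile

def index_files(input_dir):
    """Recursively list regular files; symlinks are neither followed nor reported."""
    paths = (os.path.join(root, name)
             for root, _dirs, names in os.walk(input_dir, followlinks=False)
             for name in names)
    return sorted(p for p in paths if os.path.isfile(p) and not os.path.islink(p))

def sha256_plugin(path):
    """Hypothetical plugin: hash the file in chunks so large evidence files fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return {"result": digest.hexdigest()}

def office_plugin(path):
    """Hypothetical plugin: list the ZIP members of an OOXML document."""
    with zipfile.ZipFile(path) as archive:
        return {"result": ";".join(sorted(archive.namelist()))}

PLUGINS = {"sha256": (None, sha256_plugin),  # None means "run on every file"
           "office": ((".docx", ".xlsx", ".pptx"), office_plugin)}

def run_framework(input_dir, output_dir):
    """Index the input once, run each plugin, write one CSV report per plugin."""
    os.makedirs(output_dir, exist_ok=True)
    files = index_files(input_dir)
    reports = {}
    for name, (extensions, plugin) in PLUGINS.items():
        selected = [p for p in files if not extensions or p.lower().endswith(extensions)]
        rows = []
        for path in selected:
            row = {"file": os.path.relpath(path, input_dir), "result": "", "error": ""}
            try:
                row.update(plugin(path))
            except (OSError, zipfile.BadZipFile) as exc:
                row["error"] = f"{type(exc).__name__}: {exc}"  # log it and keep going
            rows.append(row)
        reports[name] = os.path.join(output_dir, name + ".csv")
        with open(reports[name], "w", newline="", encoding="utf-8") as handle:
            writer = csv.DictWriter(handle, fieldnames=["file", "result", "error"])
            writer.writeheader()
            writer.writerows(rows)
    return reports
```

Call `run_framework(mounted_dir, output_dir)` with an output directory that lies outside the mounted evidence, so the reports are not indexed on a later run.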