Disk Access in Python with libtsk (by HECF Blog)

If you have ever been looking for a way to access your computer disk without having to deal with user permissions and constrains the operating system enforces then this is the series to read.

David Cowen is working on an excellent series called “Automating DFIR” (Digital Forensics Incident Response) on his blog “Hacking Exposed Computer Forensics Blog”. The guide takes you step by step to from installing the dependencies to writing the Python code to access partitions and forensic images using an open source library called libtsk (The Sleuth Kit library). The libtsk library is cross platform meaning you an write code to access Windows, Linux and Mac systems using a fairly intuitive and consistent syntax. You won’t have any limitations on accessing special files as well. The big drawback to using this library has been the lack of documentation.

With his blog series Mr Cowen is trying to get the word out on libtsk with some practical examples for those in the community that are not yet aware or just don’t know where to start! My hope is that better information helps to expand the user base beyond just Forensics and Incident response because it can be applied to other industries in tech.

You can get started reading Part 1 of a 24 part series at the link below:


or you can view the full series of posts