Overview

Fiwalk is part of The Sleuth Kit's collection of digital forensics tools and is used to produce a DFXML (Digital Forensics XML) report on the contents of a disk image. As the name suggests, fiwalk "walks" the file tree and collects information (metadata) about each of the files along the way, including the date the file was last accessed, the date it was last modified, the file type, the user who created the file, and more. (See this page for more details on DFXML.)

Fiwalk can be run via the command line or from the BitCurator Reporting Tool. The instructions below detail the process of using fiwalk to generate DFXML output via the BitCurator Reporting Tool.
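Once a DFXML report exists, the per-file metadata described above can be read programmatically. The following is an added example, not part of the BitCurator documentation or fiwalk itself: it parses a constructed DFXML sample, and the element names and the file_objects helper are assumptions based on the DFXML format.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample shaped like fiwalk DFXML output; not taken from a real image.
# Element names (fileobject, filename, mtime, ...) are assumed from the DFXML format.
SAMPLE_DFXML = """<dfxml xmlns="http://www.forensicswiki.org/wiki/Category:Digital_Forensics_XML">
  <volume offset="32256">
    <fileobject>
      <filename>docs/report.doc</filename>
      <filesize>20480</filesize>
      <uid>1000</uid>
      <mtime>2011-03-04T10:15:00Z</mtime>
      <hashdigest type="md5">0123456789abcdef0123456789abcdef</hashdigest>
    </fileobject>
    <fileobject>
      <filename>notes.txt</filename>
      <filesize>0</filesize>
      <unalloc>1</unalloc>
      <mtime>2010-12-31T23:59:59Z</mtime>
    </fileobject>
  </volume>
</dfxml>"""

TIME_FIELDS = {"mtime", "atime", "ctime", "crtime"}

def local(tag):
    """Drop the '{namespace}' prefix so lookups work with or without one."""
    return tag.rsplit("}", 1)[-1]

def file_objects(xml_text):
    """Return one dict per <fileobject>, with typed sizes and timestamps."""
    records = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "fileobject":
            continue
        rec = {"hashes": {}, "allocated": True}
        for child in elem:
            name, text = local(child.tag), (child.text or "").strip()
            if name == "hashdigest":
                rec["hashes"][child.get("type", "").lower()] = text
            elif name in TIME_FIELDS:
                rec[name] = datetime.fromisoformat(text.replace("Z", "+00:00"))
            elif name == "filesize":
                rec[name] = int(text)
            elif name == "unalloc":
                rec["allocated"] = text != "1"  # unalloc=1 marks a deleted entry
            else:
                rec[name] = text
        records.append(rec)
    return records
```

For reports received from another party rather than generated locally, parse with a hardened XML library such as defusedxml instead of the standard-library parser.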

Step-by-Step Guide

Step 1: Open the BitCurator Reporting Tool by double clicking on the "Forensics Tools" folder on the BitCurator desktop and then double clicking on the "BitCurator Reporting Tool" icon.

...