Output Metadata as JSON using The Sleuthkit
fsrip is a simple utility for extracting filesystem information from digital media and evidence files. fsrip has two goals:
fsrip takes an "it's just data" approach to evidence. There's no API, there are no language bindings, there is only data, which you must then parse. This sounds onerous, but we live in the future, we have JSON. In most scripting languages, it's usually a line or two of code to read a line from stdin as a string, and another line or two to transform json into a dictionary or map or object or whatever your favorite scripting language uses for hierarchical key-value data.
So, that's what fsrip does: it outputs a json string, one per line, for the data you tell it to retrieve. You can then pipe this into your scripts, parse it easily, and do your forensic stuff without having to learn C or C++ or how to C/C++ linkers work.
Also, fsrip tends to be waaaay faster than repeated calls to individual sleuthkit commands. This is because launching processes and reparsing filesystem structures is expensive. fsrip operates in batch on the input, so, well, economies of scale and whatnot.
Please send email to jon@lightboxtechnologies.com. fsrip is definitely a work-in-progress and generally only does what I need it to do, but I'd love to hear about what you need it to do, too.