Recipe Difficulty: Medium

Python Version: 2.7

Operating System: Linux

In this recipe, we learn how to view and print the partition table using tabulate. Additionally, for E01 containers, we will print E01 acquisition and container metadata stored in the evidence file. Oftentimes, we will be working with a physical disk image of a given machine. In pretty much any process going forward, we will need to iterate through the different partitions (or a user-selected partition) to get a handle on the filesystem and its files. Therefore, this recipe is of critical importance as we build upon our burgeoning understanding of the Sleuth Kit and its bevy of features.