Getting started

This recipe requires five third-party modules: pytsk3, pyewf, pyevt, pyevtx, and unicodecsv. Refer to Chapter 8, Working with Forensic Evidence Container Recipes, for a detailed explanation of installing the pytsk3 and pyewf modules. Likewise, refer to the Getting started section in the Parsing prefetch files recipe for details on installing unicodecsv. All other libraries used in this script are present in Python's standard library. The Python bindings of most libyal libraries are installed in a very similar way.

Navigate to the GitHub repository and download the desired release for each library. This recipe was developed using the libevt-alpha-20170120 and libevtx-alpha-20170122 releases of the pyevt and pyevtx libraries, respectively. Once the contents of a release are extracted, open a terminal, navigate to the extracted directory, and execute the following commands for each release:

./synclibs.sh
./autogen.sh
sudo python setup.py install

To learn more about the pyevt library, visit https://github.com/libyal/libevt.
To learn more about the pyevtx library, visit https://github.com/libyal/libevtx.

Lastly, we can check the libraries' installation by opening a Python interpreter, importing pyevt and pyevtx, and running their respective get_version() methods to ensure we have the correct release versions.
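
The same check as a script, added here as an example and not taken from the book's code: it imports each binding, calls get_version(), and compares the result with the releases named above. The names check_binding and check_all are hypothetical, and the script assumes get_version() returns the release date as a string such as "20170120".

```python
import importlib

# Releases this recipe was developed against (from the text above).
EXPECTED = {"pyevt": "20170120", "pyevtx": "20170122"}


def check_binding(name, expected):
    """Return (status, detail) for one libyal Python binding."""
    try:
        module = importlib.import_module(name)
    except ImportError as exc:
        # Binding not built or installed for this interpreter.
        return "missing", str(exc)
    get_version = getattr(module, "get_version", None)
    if get_version is None:
        return "unknown", "module has no get_version()"
    found = str(get_version())
    if found == expected:
        return "ok", found
    # Assumption: versions are YYYYMMDD dates, so string order is date order.
    status = "newer" if found > expected else "older"
    return status, found


def check_all(expected=None):
    """Check every binding in the mapping and return {name: (status, detail)}."""
    expected = EXPECTED if expected is None else expected
    return {name: check_binding(name, want) for name, want in expected.items()}


if __name__ == "__main__":
    results = check_all()
    for name, (status, detail) in sorted(results.items()):
        print("{0:<8} {1:<8} {2}".format(name, status, detail))
    # Exit non-zero unless every binding matches the expected release.
    raise SystemExit(0 if all(s == "ok" for s, _ in results.values()) else 1)
```

A status of older or newer means the binding imports but is a different release from the one the recipe was developed with, which is worth recording alongside any parsed event log output.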
