This recipe requires the installation of four third-party modules to function: pytsk3, pyewf, pymsiecf, and unicodecsv. Refer to Chapter 8, Working with Forensic Evidence Container Recipes, for a detailed explanation of installing the pytsk3 and pyewf modules. Likewise, refer to the Getting started section in the Parsing prefetch files recipe for details on installing unicodecsv. All other libraries used in this script are present in Python's standard library.
Navigate to the GitHub repository and download the desired release of the pymsiecf library. This recipe was developed using the libmsiecf-alpha-20170116 release. Once the contents of the release are extracted, open a terminal, navigate to the extracted directory, and execute the following commands:
./synclibs.sh
./autogen.sh
sudo python setup.py install
Lastly, we can check our library's installation by opening a Python interpreter, importing pymsiecf, and running the pymsiecf.get_version() method to ensure we have the correct release version.