I work on development of forensic tool called IPED. It interfaces/integrates with some already implemented python forensic tools.
Right now, I am developing some integration with ALeapp. I would like to call ALeapp in a way that any try to open a file would be intercepted by IPED in a way that he would open a file inside the acquired evidence being processed, not the local file system where IPED is installed.
Also, this interception could be used to override some ALeapp code before the compilation/execution, changing their behaviour.
Thanks for the directions Ben. I think they will help me anyhow.