def main(record_filename):
logging.basicConfig(level=logging.DEBUG)
#logging.getLogger("ntfs.mft").setLevel(logging.INFO)
with Mmap(record_filename) as buf:
record = MFTRecord(buf, 0, None)
print("=== MFT Record Header")
print(record.get_all_string())
for attribute in record.attributes():
print("=== Attribute Header (type: {:s}) at offset {:s}".format(
Attribute.TYPES[attribute.type()], hex(attribute.offset())))
print(attribute.get_all_string())
if attribute.type() == ATTR_TYPE.STANDARD_INFORMATION:
print("=== STANDARD INFORMATION value")
si = StandardInformation(attribute.value(), 0, None)
print(si.get_all_string())
elif attribute.type() == ATTR_TYPE.FILENAME_INFORMATION:
print("=== FILENAME INFORMATION value")
fn = FilenameAttribute(attribute.value(), 0, None)
print(fn.get_all_string())
def main(record_filename):
logging.basicConfig(level=logging.DEBUG)
#logging.getLogger("ntfs.mft").setLevel(logging.INFO)
with Mmap(record_filename) as buf:
record = MFTRecord(buf, 0, None)
print("=== MFT Record Header")
print(record.get_all_string())
for attribute in record.attributes():
print("=== Attribute Header (type: {:s}) at offset {:s}".format(
Attribute.TYPES[attribute.type()],
hex(attribute.offset())))
print(attribute.get_all_string())
if attribute.type() == ATTR_TYPE.STANDARD_INFORMATION:
print("=== STANDARD INFORMATION value")
si = StandardInformation(attribute.value(), 0, None)
print(si.get_all_string())
elif attribute.type() == ATTR_TYPE.FILENAME_INFORMATION:
print("=== FILENAME INFORMATION value")
fn = FilenameAttribute(attribute.value(), 0, None)
print(fn.get_all_string())