예제 #1
def main(image_filename, volume_offset):
    """Print the string dump of the NTFSVBR parsed from a disk image.

    Args:
        image_filename: path of the image file handed to Mmap.
        volume_offset: offset handed to FlatVolume to locate the volume
            inside the mapped image (units not visible here; presumably
            bytes -- confirm against FlatVolume).
    """
    logging.basicConfig(level=logging.DEBUG)
    # Root logging is DEBUG; the "ntfs.mft" logger is capped at INFO.
    mft_logger = logging.getLogger("ntfs.mft")
    mft_logger.setLevel(logging.INFO)

    # The mapping stays open only for the duration of the parse and print.
    with Mmap(image_filename) as image_buf:
        boot_record = NTFSVBR(FlatVolume(image_buf, volume_offset))
        print(boot_record.get_all_string())
예제 #2
def main(image_filename, volume_offset, record_number):
    """Print the string dump of one record fetched from an NTFS image.

    Args:
        image_filename: path of the image file handed to Mmap.
        volume_offset: offset handed to FlatVolume to locate the volume
            inside the mapped image.
        record_number: value passed unchanged to NTFSFilesystem.get_record.
    """
    logging.basicConfig(level=logging.DEBUG)
    # The "ntfs.mft" logger is not capped at INFO here, so unless it is
    # configured elsewhere it inherits the root DEBUG level.

    with Mmap(image_filename) as image_buf:
        filesystem = NTFSFilesystem(FlatVolume(image_buf, volume_offset))
        rec = filesystem.get_record(record_number)
        print(rec.get_all_string())
예제 #3
def main(image_filename, volume_offset, mountpoint):
    """Serve the NTFS filesystem found in a disk image through FUSE.

    Args:
        image_filename: path of the image file handed to Mmap.
        volume_offset: offset handed to FlatVolume to locate the volume
            inside the mapped image.
        mountpoint: directory passed to FUSE as the mount target.
    """
    from ntfs.volume import FlatVolume
    from ntfs.BinaryParser import Mmap

    logging.basicConfig(level=logging.DEBUG)
    mft_logger = logging.getLogger("ntfs.mft")
    mft_logger.setLevel(logging.INFO)

    with Mmap(image_filename) as image_buf:
        filesystem = NTFSFilesystem(FlatVolume(image_buf, volume_offset))
        # NOTE(review): whether this mount is read-only depends on
        # NTFSFuseOperations and on how Mmap opens the file; neither is
        # visible here -- confirm before mounting an evidence image.
        # The FUSE call sits inside the `with`, so the mapping stays open
        # for as long as that call runs.
        FUSE(NTFSFuseOperations(filesystem), mountpoint, foreground=True)
예제 #4
def main(image_filename, volume_offset, path):
    """Walk the directories below `path` in an NTFS image with an index-dump visitor.

    Args:
        image_filename: path of the image file handed to Mmap.
        volume_offset: offset handed to FlatVolume to locate the volume
            inside the mapped image.
        path: "/" to start at the root directory, otherwise a path that is
            resolved with root.get_path_entry.
    """
    with Mmap(image_filename) as image_buf:
        fs = NTFSFilesystem(FlatVolume(image_buf, volume_offset))
        root_dir = fs.get_root_directory()

        # "/" is special-cased: the root entry is used directly and no
        # lookup is performed for it.
        start_entry = root_dir if path == "/" else root_dir.get_path_entry(path)

        # NOTE(review): judging by the names, the visitor emits directory
        # index entries as CSV. Filenames come from the image, so confirm
        # the formatter quotes them before the output is opened in a
        # spreadsheet.
        visitor = make_dump_directory_indices_visitor(csv_directory_index_formatter)
        walk_directories(fs, start_entry, visitor)
예제 #5
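def main(image_filename, volume_offset, path):
    """Log the filenames recorded in one directory's NTFS index.

    The directory's INDEX_ALLOCATION attribute is parsed first; if an
    AttributeNotFoundError is raised while doing so, the INDEX_ROOT
    attribute is parsed instead. Collected filenames are logged at INFO.

    Args:
        image_filename: path of the image file handed to Mmap.
        volume_offset: offset handed to FlatVolume to locate the volume
            inside the mapped image.
        path: "/" for the root directory, otherwise a path resolved with
            root.get_path_entry.

    Returns:
        None. Logs "not a directory" and returns early when the resolved
        entry is not a directory.
    """
    logging.basicConfig(level=logging.DEBUG)
    # The "ntfs.mft" logger is not capped at INFO here, so unless it is
    # configured elsewhere it inherits the root DEBUG level.

    with Mmap(image_filename) as buf:
        volume = FlatVolume(buf, volume_offset)
        fs = NTFSFilesystem(volume)
        root = fs.get_root_directory()

        entry = root if path == "/" else root.get_path_entry(path)

        if not entry.is_directory():
            g_logger.error("not a directory")
            return

        # Reaches into a private attribute of the directory entry to get
        # at the underlying record.
        record = entry._record

        # Keyed by MREF(mft_reference), so index entries that resolve to
        # the same key overwrite each other and only the last filename is
        # kept. NOTE(review): an NTFS directory index commonly holds more
        # than one name for the same record (long and 8.3 names, hard
        # links), so this listing can under-report names -- confirm
        # whether that matters for the analysis.
        entries = {}
        try:
            # NOTE(review): an AttributeNotFoundError raised anywhere in
            # this block, not only by the attribute lookup, triggers the
            # INDEX_ROOT fallback; anything already collected is kept.
            indx_alloc_attr = record.attribute(ATTR_TYPE.INDEX_ALLOCATION)
            indx_alloc = INDEX_ALLOCATION(
                fs.get_attribute_data(indx_alloc_attr), 0)
            g_logger.debug("INDEX_ALLOCATION len: %s", hex(len(indx_alloc)))
            g_logger.debug("alloc:\n%s", indx_alloc.get_all_string(indent=2))

            g_logger.info("found:")
            for block in indx_alloc.blocks():
                # Distinct loop name: the original reused `entry` and so
                # shadowed the directory entry resolved above.
                for index_entry in block.index().entries():
                    ref = MREF(index_entry.header().mft_reference())
                    entries[ref] = index_entry.filename_information().filename()

        except AttributeNotFoundError:
            indx_root_attr = record.attribute(ATTR_TYPE.INDEX_ROOT)
            indx_root = INDEX_ROOT(fs.get_attribute_data(indx_root_attr), 0)
            g_logger.debug("INDEX_ROOT len: %s", hex(len(indx_root)))
            g_logger.debug("root:\n%s", indx_root.get_all_string(indent=2))

            g_logger.info("found:")
            for index_entry in indx_root.index().entries():
                ref = MREF(index_entry.header().mft_reference())
                entries[ref] = index_entry.filename_information().filename()

        # dict.iteritems() exists only on Python 2; values() works on both
        # Python 2 and 3, and the keys were never used here.
        for filename in entries.values():
            g_logger.info("  - %s", filename)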
예제 #6
def main(image_filename, volume_offset, path):
    """Walk the directories below `path` in an NTFS image, with logging enabled.

    Args:
        image_filename: path of the image file handed to Mmap.
        volume_offset: offset handed to FlatVolume to locate the volume
            inside the mapped image.
        path: "/" to start at the root directory, otherwise a path that is
            resolved with root.get_path_entry.
    """
    logging.basicConfig(level=logging.DEBUG)
    # Root logging is DEBUG; the "ntfs.mft" logger is capped at INFO.
    mft_logger = logging.getLogger("ntfs.mft")
    mft_logger.setLevel(logging.INFO)

    with Mmap(image_filename) as image_buf:
        fs = NTFSFilesystem(FlatVolume(image_buf, volume_offset))
        root_dir = fs.get_root_directory()

        # The root is used as-is for "/"; any other path is looked up
        # from the root entry.
        start_entry = root_dir if path == "/" else root_dir.get_path_entry(path)

        # NOTE(review): the names suggest CSV output of directory index
        # entries; names read from the image should be treated as
        # untrusted text by whatever consumes that output.
        visitor = make_dump_directory_indices_visitor(csv_directory_index_formatter)
        walk_directories(fs, start_entry, visitor)
예제 #7
def main():
    """List the root directory of an NTFS image and look up windows\\system32.

    Reads the image path from sys.argv[1] and the volume offset from
    sys.argv[2] (converted with int()). Neither argument is checked for
    presence before use, so a missing argument raises IndexError.
    """
    import sys
    from ntfs.volume import FlatVolume
    from ntfs.BinaryParser import Mmap
    # MFTEnumerator is imported but not used in the lines visible here.
    from ntfs.mft.MFT import MFTEnumerator
    logging.basicConfig(level=logging.DEBUG)

    with Mmap(sys.argv[1]) as buf:
        v = FlatVolume(buf, int(sys.argv[2]))
        fs = NTFSFilesystem(v)
        root = fs.get_root_directory()
        g_logger.info("root dir: %s", root)
        # Log the name of each child of the root directory.
        for c in root.get_children():
            g_logger.info("  - %s", c.get_name())

        # Hard-coded lookup; the path is relative to the root entry and
        # uses a backslash separator.
        sys32 = root.get_path_entry("windows\\system32")
        g_logger.info("sys32: %s", sys32)